315 matches found
AI/LLM Model File Contains Executable Code (Keras HFS5 .h5)
Binary data aimodelkerashfs5containsexecutablecode.nbin...
CPython Security Vulnerability
CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython that stems from the vulnerability of server sockets to connection contention from a malicious local peer...
The vulnerabilities of the functions cert_store_stats() and get_ca_certs() in the SSL module of the Python programming language interpreter (CPython) allow a malicious individual to gain unauthorized access to protected information.
The vulnerability of the cert_store_stats() and get_ca_certs() functions in the SSL module of the Python programming language interpreter CPython is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
ROS-20240704-10
A vulnerability in the python38.pth file of the Python programming language interpreter is related to ignoring the sys.path constraints specified in python38.pth. Exploitation of the vulnerability could allow an attacker acting remotely to download code from arbitrary locations...
cpython Security Vulnerabilities
cpython is the Python Foundation's Python interpreter implemented in the C language. A security vulnerability exists in CPython that stems from not returning values based on the latest information from the IANA Special-Purpose Address Registries...
Zope 5.9 Command Injection
Vulnerability Report Title: Command Argument Injection Vulnerability in Zope WSGI Instance Creation Script Leading to RCE. Description: A command argument injection vulnerability has been identified in the Zope WSGI instance creation script used by the Zope web application server framework, which ...
Zope 5.9 Command Injection Vulnerability
Vulnerability Report Title: Command Argument Injection Vulnerability in Zope WSGI Instance Creation Script Leading to RCE. Description: A command argument injection vulnerability has been identified in the Zope WSGI instance creation script used by the Zope web application server framework, which ...
The vulnerability of the Python interpreter, related to errors in processing symbolic references, allows attackers to escalate their privileges.
The vulnerability of the Python interpreter is related to errors in processing symbolic references. Exploiting this vulnerability can allow attackers to escalate their privileges through a specially crafted symbolic reference...
BIT-TENSORFLOW-2020-26268 Write to immutable memory region in TensorFlow
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...
BIT-TENSORFLOW-2022-23594 Out of bounds read in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...
The vulnerability of the plistlib module in the Python interpreter allows attackers to perform XXE attacks.
The vulnerability of the plistlib module in the Python interpreter is related to improper restriction of XML external entity references. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
python38:3.8 and python38-devel:3.8 security update
An update is available for python-pluggy, module.python-psycopg2, module.python-more-itertools, module.python-jinja2, module.babel, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, babel,...
The vulnerability of the SSLSocket class in the Python programming language interpreter allows attackers to disclose protected information.
The vulnerability of the Python programming language interpreter is related to incorrect initialization of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...
CVE-2023-39659
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool.run component...
Python cpython Security Vulnerabilities
cpython is the Python Foundation's Python interpreter implemented in the C language. A security vulnerability exists in version 3.7 of cpython that stems from a crash due to improper reference counting in the asyncio.swapcurrenttask module...
Advisory ROSA-SA-2023-2203
Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...
Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation (CVE-2015-4231)
The Python interpreter in Cisco NX-OS 6.28a on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. This plugin only works with Tenable.ot. Please visit...
The vulnerability of the Python programming language interpreter, related to uncontrolled resource consumption, allows attackers to trigger service failures.
The vulnerability of the Python programming language interpreter is related to an uncontrolled consumption of resources. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures...
CVE-2023-37271 RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
Impact RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that gets the...