798 matches found

NVD
added 2024/03/26 3:15 a.m. | 7 views

CVE-2024-29189

PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/productinstance.py, upon calling this method startprogram directly, users could exploit its usage to perform malicious operations on the current...

7.8 CVSS | 7.3 AI score | 0.00334 EPSS
Exploits 1 | References 7

CNNVD
added 2024/03/21 12:0 a.m. | 4 views

Gradio Cross-Site Request Forgery Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a cross-site request forgery vulnerability that stems from vulnerability to cross-site request forgery attacks...

4.3 CVSS | 4.7 AI score | 0.00352 EPSS
Exploits 1 | References 4

CNNVD
added 2024/03/12 12:0 a.m. | 4 views

RPyC Security Vulnerabilities

RPyC is a symmetric RPC (Remote Procedure Call) library for Python. A security vulnerability exists in RPyC versions prior to 6.0.0 that stems from a remote code execution vulnerability when using numpy.array on the server side...

8.4 CVSS | 8 AI score | 0.00507 EPSS
Exploits 0 | References 5

Fedora
added 2024/03/07 10:33 p.m. | 14 views

[SECURITY] Fedora 40 Update: python-javaobj-0.4.3-12.fc40

python-javaobj is a python library that provides functions for reading and writing (writing is WIP currently) Java objects serialized or will be deserialized by ObjectOutputStream. This form of object representation is a standard data interchange format in Java world...

8.8 CVSS | 6.9 AI score | 0.02557 EPSS
Exploits 3

Positive Technologies
added 2024/03/06 12:0 a.m. | 2 views

PT-2024-2537 · Rpyc +1 · Rpyc +1

Name of the Vulnerable Software and Affected Versions: RPyC versions prior to 6.0.0 Description: The issue is related to the netref component of the RPyC Python library, which has an incorrect security check for standard elements. This can allow a remote attacker to execute arbitrary code by...

8.4 CVSS | 8 AI score | 0.00507 EPSS
Exploits 0 | References 27

vulnersOsv
added 2024/02/23 6:15 p.m. | 3 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +154 more potentially affected by CVE-2024-27319 via onnx (>=0.2.0 <=1.15.0)

onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.0.0, =1.0.45, =1.44.0, =1.55.0 and more Source cves: CVE-2024-27319 Source advisory: OSV:PYSEC-2024-223...

9.1 CVSS | 6.4 AI score | 0.00594 EPSS
Exploits 0

OSV
added 2024/02/12 2:15 p.m. | 2 views

AZL-43006 CVE-2023-6681 affecting package python-jwcrypto 0.6.0-9

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

5.3 CVSS | 6.8 AI score | 0.00884 EPSS
Exploits 0 | References 1

vulnersOsv
added 2024/02/06 12:15 p.m. | 2 views

agsekit (>=0.0.1 <=1.7.1), ansible (>=8.0.0 <=8.7.0) +19 more potentially affected by CVE-2024-0690 via ansible-core (>=2.15.0 <=2.15.6)

ansible-core PYPI version =2.15.0, =0.0.1, =8.0.0, =2.1.0, =1.1.7, =1.5.28, =0.0.6, =0.1.0, =3.7.4, =0.1.0, =15.0.0, =0.2.0, =0.1.0, =0.1.6 and more Source cves: CVE-2024-0690 Source advisory: OSV:PYSEC-2024-36...

5.5 CVSS | 6.8 AI score | 0.00301 EPSS
Exploits 0

RedHat Linux
added 2024/01/30 1:27 p.m. | 1 views

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

8.1 CVSS | 6.8 AI score | 0.01207 EPSS
Exploits 0 | References 4

vulnersOsv
added 2024/01/29 11:15 p.m. | 5 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42773 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)

aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23334 Source advisory: OSV:PYSEC-2024-24...

7.5 CVSS | 6.6 AI score | 0.76875 EPSS
Exploits 15

vulnersOsv
added 2024/01/29 10:30 p.m. | 1 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42782 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23829 Source advisory: OSV:GHSA-8QPW-XQXJ-H4R2...

6.5 CVSS | 6.4 AI score | 0.0102 EPSS
Exploits 1

RedHat Linux
added 2024/01/25 11:5 a.m. | 1 views

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

8.1 CVSS | 6.8 AI score | 0.01207 EPSS
Exploits 0 | References 4

Ubuntu
added 2024/01/23 1:39 p.m. | 59 views

USN-6595-1: PyCryptodome vulnerability

It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information...

5.9 CVSS | 7.1 AI score | 0.00618 EPSS
Exploits 0

CNNVD
added 2024/01/22 12:0 a.m. | 12 views

ecdsa Security Vulnerabilities

python-ecdsa is a signature verification plugin for Python. A security vulnerability exists in ecdsa 0.18.0 and earlier versions, which stems from vulnerability to Minerva attacks...

7.4 CVSS | 6.7 AI score | 0.00985 EPSS
Exploits 1 | References 7

RedHat Linux
added 2024/01/16 2:36 p.m. | 28 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

8.8 CVSS | 7.3 AI score | 0.00211 EPSS
Exploits 0 | References 2

RedHat Linux
added 2024/01/16 2:33 p.m. | 34 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

8.8 CVSS | 7.3 AI score | 0.00211 EPSS
Exploits 0 | References 4

OSV
added 2024/01/12 5:21 p.m. | 2 views

CLSA-2024-1705080095 python: Fix of CVE-2023-40217

CVE-2023-40217: Fix TLS handshake bypass...

5.3 CVSS | 6.8 AI score | 0.0079 EPSS
Exploits 0 | References 1

CNNVD
added 2024/01/10 12:0 a.m. | 5 views

fontTools Code Issue Vulnerability

fontTools is a library written in Python for manipulating fonts. A code issue vulnerability exists in fontTools versions prior to 4.43.0. An attacker can exploit this vulnerability to run arbitrary files from fontTools' filesystem...

7.5 CVSS | 7.1 AI score | 0.01228 EPSS
Exploits 1 | References 5

Fedora
added 2024/01/08 1:34 a.m. | 37 views

[SECURITY] Fedora 38 Update: python-pysqueezebox-0.5.5-11.fc38

Python library to control a Logitech Media Server asynchronously...

7.2 CVSS | 7.2 AI score | 0.0094 EPSS
Exploits 2

CNNVD
added 2023/12/14 12:0 a.m. | 5 views

Gradio Command Injection Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a command injection vulnerability that stems from the application exposing sensitive information to unauthorized participants...

9.6 CVSS | 7.3 AI score | 0.0171 EPSS
Exploits 1 | References 3