798 matches found
CVE-2023-50423
SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
PYSEC-2023-261
SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423 Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)
SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6568 via mlflow (>=0.8.2 <=2.9.0)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6568 Source advisory: OSV:PYSEC-2023-260...
PT-2023-31157 · Google · Google-Api-Python-Client
Name of the Vulnerable Software and Affected Versions: PyDrive2 versions prior to 1.16.2 Description: PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously...
[SECURITY] Fedora 39 Update: python-asyncssh-2.14.1-1.fc39
Python 3 library for asynchronous client and server-side SSH communication. It uses the Python asyncio module and implements many SSH protocol features such as the various channels, SFTP, SCP, forwarding, session multiplexing over a connection and more...
python-urllib3: Cookie request header isn't stripped during cross-origin redirects
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...
Remarshal Security Vulnerability
Remarshal is a python library from the Remarshal Project. A security vulnerability exists in Remarshal versions prior to v0.17.1, which stems from a denial of service DoS when processing untrusted YAML files...
Rocky Linux 8 : python27:2.7 (RLSA-2019:3335)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3335 advisory. - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 - The...
adyanutils (>=0.4.0 <=0.8.6), apricot-server (>=0.0.6 <=0.1.1) +109 more potentially affected by CVE-2023-46137 via twisted (>=20.3.0 <=23.10.0)
twisted PYPI version =20.3.0, =0.4.0, =0.0.6, =0.2.0, =3.4.1, =1.5.0, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =1.0.0, =0.1.0.dev2, =0.3.4, =1.0.1 and more Source cves: CVE-2023-46137 Source advisory: OSV:PYSEC-2023-224...
CLSA-2023-1697740683 python3: Fix of CVE-2022-48560
CVE-2022-48560: fix possible crash in heapq with custom comparison operators...
CLSA-2023-1696877835 python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
urllib3 Information Disclosure Vulnerability
urllib3 is a Python HTTP library. It features thread-safe connection pooling, file publishing support, and more. An information disclosure vulnerability exists in urllib3 that stems from not stripping cookie request headers during cross-origin redirects, causing HTTP redirects to leak information...
CLSA-2023-1693986821 python3: Fix of 2 CVEs
CVE-2022-48565: Reject XML entity declarations in plist files - CVE-2022-48566: Remove possible time-affected optimization...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2023-20897 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2023-20897 Source advisory: OSV:PYSEC-2023-166...
[SECURITY] Fedora 37 Update: GitPython-3.1.32-1.fc37
GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, and additionally allows you to access the git repository more directly using either a...
CVE-2022-48566
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...
[SECURITY] Fedora 38 Update: GitPython-3.1.32-1.fc38
GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, and additionally allows you to access the git repository more directly using either a...
USN-6203-2 python-django vulnerability
USN-6203-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 ESM. Original advisory details: Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consu...
GHSA-CF7P-GM2M-833M cryptography mishandles SSH certificates
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...