DEBIAN-CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

OPENSUSE-SU-2024:11254-1 python36-pydantic-1.8.2-1.2 on GA media

These are all security issues fixed in the python36-pydantic-1.8.2-1.2 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11264-1 python36-pyzmq-22.2.1-1.4 on GA media

These are all security issues fixed in the python36-pyzmq-22.2.1-1.4 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12408-1 python310-httptools-0.5.0-1.1 on GA media

These are all security issues fixed in the python310-httptools-0.5.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11248-1 python36-openpyxl-3.0.7-1.2 on GA media

These are all security issues fixed in the python36-openpyxl-3.0.7-1.2 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12318-1 python310-pydantic-1.10.2-1.1 on GA media

These are all security issues fixed in the python310-pydantic-1.10.2-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11256-1 python36-pymongo-3.11.4-1.2 on GA media

These are all security issues fixed in the python36-pymongo-3.11.4-1.2 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:13993-1 python310-PyMySQL-1.1.1-1.1 on GA media

These are all security issues fixed in the python310-PyMySQL-1.1.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:13214-1 python310-wheel-0.41.2-2.1 on GA media

These are all security issues fixed in the python310-wheel-0.41.2-2.1 package on the GA media of openSUSE Tumbleweed...

PYSEC-2022-43077

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

PYSEC-2022-43119

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PYSEC-2022-43074

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PYSEC-2022-43111

The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

PYSEC-2022-43101

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

PT-2022-25373 · Pypi · Democritus-Networking +1

Name of the Vulnerable Software and Affected Versions: d8s-urls version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party into the d8s-urls package for Python, distributed on PyPI. The democritus-networking package is also identified as a potential code executio...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41217 via tensorflow-gpu (>=1.10.1 <=2.4.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41217 Source advisory: OSV:PYSEC-2021-824...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +93 more potentially affected by CVE-2021-29550 via tensorflow-cpu (>=1.15.0 <=2.2.0)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.0.1, =0.3.3 - cemotion-apple =0.0.7 and more Source cves: CVE-2021-29550 Source advisory: OSV:PYSEC-2021-478...

aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +114 more potentially affected by CVE-2021-26697 via apache-airflow (>=1.10.1 <=2.0.0rc3)

apache-airflow PYPI version =1.10.1, =0.1.0rc3, =0.1.0, =1.0.7, =0.5.1, =0.1.0, =0.1.1, =0.0.7, =2.4.2, =1.0.1, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.2.1, =1.6.2 and more Source cves: CVE-2021-26697 Source advisory: OSV:PYSEC-2021-3...

ai4bharat-transliteration (>=1.1.0 <=1.1.3), aipack (>=0.0.1 <=0.0.5) +53 more potentially affected by CVE-2020-15203 via tensorflow (>=2.0.0 <=2.0.1)

tensorflow PYPI version =2.0.0, =1.1.0, =0.0.1, =0.1.3.2, =0.2.6, =0.2.0, =0.0.2, =1.0.0.1, =0.0.1, =1.0.4, =0.6.0.post3, =0.1.3, =1.0.0, =1.0.1 and more Source cves: CVE-2020-15203 Source advisory: OSV:PYSEC-2020-126...

MGASA-2017-0032 Updated python-pycrypto packages fix security vulnerabilities

This is a security fix for a possible Buffer overflow. AES.new with invalid parameter crashes python. The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. There was a bug in pycrypto which could be exploited to get a shell...