ddpg-tf2 (=1.0.1), rpnet (>=0.0.1 <=0.1.0) +6 more potentially affected by CVE-2022-23593 via tensorflow-gpu (>=2.7.0 <=2.7.2)

tensorflow-gpu PYPI version =2.7.0, =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23593 Source advisory: OSV:PYSEC-2022-157...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23562 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23562 Source advisory: OSV:PYSEC-2022-126...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23574 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23574 Source advisory: OSV:PYSEC-2022-83...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-21739 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-21739 Source advisory: OSV:PYSEC-2022-63...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-21725 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-21725 Source advisory: OSV:PYSEC-2022-104...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-21736 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-21736 Source advisory: OSV:PYSEC-2022-60...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-21731 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-21731 Source advisory: OSV:PYSEC-2022-55...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23568 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23568 Source advisory: OSV:PYSEC-2022-77...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-21728 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-21728 Source advisory: OSV:PYSEC-2022-52...

aiohttp-init (=0.0.1), airhttprunner (>=3.1.4 <=3.1.6) +152 more potentially affected by CVE-2022-0338 via loguru (>=0.2.4 <=0.5.2)

loguru PYPI version =0.2.4, =3.1.4, =0.1.5, =0.1.1, =2.0.0, =0.2.3, =4.6.4, =2.3.2, =0.39.0, =0.52.0 and more Source cves: CVE-2022-0338 Source advisory: OSV:GHSA-39PH-WR67-J4XQ...

ang (=0.0.2), astx (>=0.5.0 <=0.6.0) +5 more potentially affected by CVE-2022-21699 via ipython (>=8.0.0 <=8.0.0rc1)

ipython PYPI version =8.0.0, =0.5.0, =1.3.0, =0.1.23, =0.1.3, =0.1.5 - quantum-viz =1.0.3 Source cves: CVE-2022-21699 Source advisory: OSV:GHSA-PQ7M-3GW7-GQ5X...

ang (=0.0.2), astx (>=0.5.0 <=0.6.0) +5 more potentially affected by CVE-2022-21699 via ipython (>=8.0.0 <=8.0.0rc1)

ipython PYPI version =8.0.0, =0.5.0, =1.3.0, =0.1.23, =0.1.3, =0.1.5 - quantum-viz =1.0.3 Source cves: CVE-2022-21699 Source advisory: OSV:PYSEC-2022-12...

1942pyc (=7.0.1), 3robotics (=0.0.1) +3254 more potentially affected by CVE-2021-45958 via ujson (>=4.0.2 <=5.12.1)

ujson PYPI version =4.0.2, =0.11.0, =0.10.0, =0.10.0, =0.1.0, =0.1.0, =0.10.0, =0.11.0 - a-pandas-ex-intersection-difference =0.1.0 and more Source cves: CVE-2021-45958 Source advisory: OSV:PYSEC-2022-25...

a3m (=0.1.0), acdh-collatex-utils (>=0.2.0 <=1.3.0) +700 more potentially affected by CVE-2021-43818 via lxml (>=3.2.3 <=4.6.4)

lxml PYPI version =3.2.3, =0.2.0, =1.0.0, =3.0.0, =0.1.0, =1.0.3, =1.0.0a1.post0, =1.10.0, =0.0.4, =0.0.14 and more Source cves: CVE-2021-43818 Source advisory: OSV:GHSA-55X5-FJ6C-H6M8...

A week in security (Nov 15 – Nov 21)

Last week on Malwarebytes Labs Instagram’s memorialize feature abused to memorialize…Instagram’s boss Evasive manoeuvres: HTML smuggling explained FBI server hijacked to send up to 100,000 bogus attack mails New Mac malware raises more questions about Apple’s security patching SharkBot Android...

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index PyPI repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion...

Antilles 代码问题漏洞

Lenovo Antilles is an open-source infrastructure management software for high performance computing Hpc from Lenovo, China. A security vulnerability exists in versions of Antilles open-source software prior to 1.0.1, which stems from the non-existence of packages listed in requirements.txt in the...

CentOS 8 : python27:2.7 (CESA-2021:4151)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4151 advisory. - python: Unsafe use of eval on data retrieved via HTTP in the test suite CVE-2020-27619 - python-jinja2: ReDoS vulnerability in the urlize filter...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4817 more potentially affected by CVE-2021-41195 via tensorflow (>=1.0.1 <=2.4.3)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2021-41195 Source advisory: OSV:GHSA-CQ76-MXRC-VCHH...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41206 via tensorflow (>=2.6.0 <=2.6.0rc2)

tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41206 Source advisory: OSV:GHSA-PGCQ-H79J-2F69...