1530 matches found
dathost (>=0.1.11 <=1.0.2), depot-dl (=1.0.0) +15 more potentially affected by CVE-2019-17180 via steam (>=0.9.1 <=1.4.4)
steam PYPI version =0.9.1, =0.1.11, =0.1.0, =0.0.6, =0.1.0, =1.0.0, =5.3.2, =0.5.19, =1.0.0, =0.0.7, =1.0.1, =3.0.0, =1.3.0, =0.2.0, =0.9.5 - steamscordbot =0.2.2 and more Source cves: CVE-2019-17180 Source advisory: OSV:PYSEC-2019-125...
SUSE-RU-2019:2505-1 Recommended update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner
This update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner fixes the following issues: python-pip was updated to 10.0.1...
addok (=0.5.0), alo7-airflow (>=1.10.0 <=1.10.0.7) +159 more potentially affected by CVE-2019-14806 via werkzeug (>=0.10.1 <=0.15.2)
werkzeug PYPI version =0.10.1, =1.10.0, =1.10.3, =0.4.3, =0.1.0, =0.1.17, =0.6.7.post3, =0.1.0, =0.1.1, =0.6.4, =0.1.0, =0.1.0, =0.3.3 - clastic =19.0.0 and more Source cves: CVE-2019-14806 Source advisory: OSV:GHSA-GQ9M-QVPX-68HC...
NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)
The remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) an...
django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +11 more potentially affected by CVE-2019-14233 via django (>=2.1.0 <=2.1.10)
django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-14233 Source advisory: OSV:PYSEC-2019-12...
abbr (=0.0.0), add-dependencies (=2.3.0) +159 more potentially affected by CVE-2019-1010083 via flask (>=0.10.1 <=0.6.1)
flask PYPI version =0.10.1, =0.26.0, =1.4.15, =0.11.1, =0.4.0, =4.0.0, =1.10.0, =0.1.0, =0.14.0, =0.1.1, =0.1.17, =0.1.0, =1.0.0 - blendedux =0.0.2 and more Source cves: CVE-2019-1010083 Source advisory: OSV:GHSA-5WV5-4VPF-PJ6M...
aimmo (>=0.61.9 <=0.69.1b348), ambition-edc (>=0.3.68 <=0.3.72) +57 more potentially affected by CVE-2019-12308 via django (>=2.2.0 <=2.2.19)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2019-12308 Source advisory: OSV:PYSEC-2019-79...
EulerOS 2.0 SP3 : python (EulerOS-SA-2019-1594)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509...
Updated python packages fix security vulnerability
Updated python packages fix security vulnerability: A 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (CVE-2019-9948)...
MGASA-2019-0165 Updated python packages fix security vulnerability
Updated python packages fix security vulnerability: A 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (CVE-2019-9948)...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +360 more potentially affected by CVE-2018-7575 via tensorflow (>=1.0.1 <=1.7.0)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.3.1, =0.1.0, =0.4.2, =0.1.0, =0.4.0, =0.1.0, =0.3.1 and more Source cves: CVE-2018-7575 Source advisory: OSV:PYSEC-2019-205...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +355 more potentially affected by CVE-2018-7576 via tensorflow (>=1.0.1 <=1.5.1)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.3.1, =0.1.0, =0.4.2, =0.1.0, =0.4.0, =0.1.0, =0.3.1 and more Source cves: CVE-2018-7576 Source advisory: OSV:GHSA-JFQ2-RJ7F-9GVF...
MGASA-2019-0148 Updated python packages fix security vulnerability
A vulnerability was found in Python 2.x through 2.7.16. An improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization could lead to an Information Disclosure (credentials, cookies, etc. that are cached against a given hostname) in the urllib.parse.urlsplit,...
MGASA-2019-0135 Updated python3 packages fix security vulnerability
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...
ads-api (>=0.1.7.3 <=0.1.7.5), aequitas (>=0.26.0 <=0.34.0) +217 more potentially affected by CVE-2019-7164 via sqlalchemy (>=0.7.7 <=1.3.0b2)
sqlalchemy PYPI version =0.7.7, =0.1.7.3, =0.26.0, =0.1.0, =1.10.0, =0.10.0, =1.10.3, =0.1.6, =1.0.0a0, =1.0.0, =0.0.4, =1.0.1, =0.6.7.post3, =0.0.2, =0.0.9 and more Source cves: CVE-2019-7164 Source advisory: OSV:PYSEC-2019-123...
MGASA-2019-0084 Updated python packages fix security vulnerability
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted...
aequitas (>=0.26.0 <=0.34.0), alembic-viz (=0.1.0) +151 more potentially affected by CVE-2019-7548 via sqlalchemy (>=0.7.7 <=1.2.17)
sqlalchemy PYPI version =0.7.7, =0.26.0, =1.10.0, =0.10.0, =0.1.6, =1.0.0a0, =1.0.0, =0.0.4, =1.0.1, =0.6.7.post3, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.0.6 and more Source cves: CVE-2019-7548 Source advisory: OSV:PYSEC-2019-124...
MGASA-2018-0495 Updated python packages fix security vulnerabilities
Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided (CVE-2017-18207). Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service...
abeja-sdk (>=0.2.0rc1 <=1.1.0rc1), abejacli (>=1.0.2 <=1.0.2rc1) +492 more potentially affected by CVE-2018-20060 via urllib3 (>=1.10.2 <=1.22.0)
urllib3 PYPI version =1.10.2, =0.2.0rc1, =1.0.2, =0.18.0.3, =0.70.0, =0.0.1, =0.5.0, =1.1.0rc6, =0.8.0, =0.0.2, =0.1.3, =2.4.1, =2.5.1 and more Source cves: CVE-2018-20060 Source advisory: OSV:PYSEC-2018-32...
2d6io-cryptobot (=0.0.1), aat-downloader (>=0.0.1 <=0.0.3) +889 more potentially affected by CVE-2018-18074 via requests (>=0.13.7 <=2.1.0)
requests PYPI version =0.13.7, =0.0.1, =0.2.0rc1, =1.0.2, =0.4.5, =1.0.0, =0.18.0.3, =0.70.0, =0.0.1, =0.3.3, =1.1.0rc6, =2.0.1 and more Source cves: CVE-2018-18074 Source advisory: OSV:GHSA-X84V-XCM2-53PG...