Critical Photon OS Security Update - PHSA-2024-5.0-0434

Updates of 'python3-tornado', 'python-jinja2', 'python3-webob', 'python-requests', 'python-werkzeug', 'python-virtualenv', 'python-tornado', 'python-webob', 'python3', 'python3-werkzeug', 'python-gevent', 'python3-jinja2' packages of Photon OS have been released...

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself...

3di-cmd-client (>=0.0.1a0 <=0.0.3), a-api-server (=1.3.0) +4507 more potentially affected by CVE-2024-56326 via jinja2 (>=2.10.0 <=3.1.4)

jinja2 PYPI version =2.10.0, =0.0.1a0, =0.1.22, =1.0.2, =0.0.2, =3.0.0, =0.0.0, =0.0.1, =0.8.44.4, =0.9.2.1rc2 and more Source cves: CVE-2024-56326 Source advisory: OSV:GHSA-Q2X7-8RV6-6Q7H...

Security Bulletin: IBM Fusion HCI Installer is vulnerable to arbitrary code execution, gaining of elevated privileges, obtaining sensitive information, and denial of service due to various Python packages

Summary The IBM Fusion Installer is affected by vulnerabilities in Ansible and Python packages dnspython, requests, certifi and idna. Vulnerabilities include arbitrary code execution, gaining of elevated privileges, obtaining sensitive information, and denial of service. CVE-2023-5764,...

RHEL 9 : python3.9:3.9.21 (RHSA-2024:10983)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10983 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

SUSE SLES15 Security Update : SUSE Manager Salt Bundle (SUSE-SU-2024:4021-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4021-1 advisory. venv-salt-minion: - Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with...

Oracle Linux 8 : python36:3.6 (ELSA-2024-10953)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10953 advisory. python36 python-distro python-docs python-docutils python-nose python-pygments python-pymongo python-PyMySQL python-sqlalchemy python-virtualenv 15.1.0-23 -...

artd-customer (>=0.0.20 <=0.0.23), artd-location (>=0.0.13 <=0.0.21) +62 more potentially affected by CVE-2024-53907 via django (>=5.0.0 <=5.0.1)

django PYPI version =5.0.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =24.1.1, =24.2.0 and more Source cves: CVE-2024-53907 Source advisory: OSV:GHSA-8498-2H75-472J...

artd-customer (>=0.0.20 <=0.0.23), artd-location (>=0.0.13 <=0.0.21) +62 more potentially affected by CVE-2024-53908 via django (>=5.0.0 <=5.0.1)

django PYPI version =5.0.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =24.1.1, =24.2.0 and more Source cves: CVE-2024-53908 Source advisory: OSV:GHSA-M9G8-FXXM-XG86...

5dee (=0.1.0), a5py (>=0.1.0 <=0.1.1) +483 more potentially affected by unknown CVE via gdal (>=3.0.1 <=3.9.0)

gdal PYPI version =3.0.1, =0.1.0, =0.0.1, =0.9.0, =0.6.1, =0.1.2, =0.1.1a2, =1.0.1, =1.0.0, =1.9.3, =0.2.0, =1.6.2, =0.0.1, =0.0.5 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-GDAL-8445271...

autonomize-model-sdk (=1.0.4), autorad (=0.2.6) +37 more potentially affected by CVE-2024-27134 via mlflow (>=2.0.0rc0 <=2.15.1)

mlflow PYPI version =2.0.0rc0, =0.1.3, =1.2.0, =0.8.0, =0.0.10, =1.0.0, =0.0.1, =0.1.0, =1.10.2, =0.1.2, =1.2.7, =0.1.0, =0.1.1, =0.1.5 - justmltools =3.9.3 and more Source cves: CVE-2024-27134 Source advisory: SNYK:PYTHON-MLFLOW-8400874...

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1431 more potentially affected by CVE-2024-11392 via transformers (>=4.0.0 <=4.47.1)

transformers PYPI version =4.0.0, =0.1.1, =0.1.0, =0.0.3, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 - advtok =0.0.2 and more Source cves: CVE-2024-11392 Source advisory: SNYK:PYTHON-TRANSFORMERS-8400822...

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1431 more potentially affected by CVE-2024-11393 via transformers (>=4.0.0 <=4.47.1)

transformers PYPI version =4.0.0, =0.1.1, =0.1.0, =0.0.3, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 - advtok =0.0.2 and more Source cves: CVE-2024-11393 Source advisory: SNYK:PYTHON-TRANSFORMERS-8400823...

CVE-2024-11168 vulnerabilities

Vulnerabilities for packages: python...

CVE-2024-11168 vulnerabilities

Vulnerabilities for packages: python...

agsekit (>=0.0.1 <=1.7.1), amscrot-py (>=1.0.0 <=1.0.0.post18) +63 more potentially affected by CVE-2024-11079 via ansible-core (>=2.11.0 <=2.16.6)

ansible-core PYPI version =2.11.0, =0.0.1, =1.0.0, =6.0.0, =3.1.2, =1.1.2, =1.0.2, =1.0.4.1233rc0, =0.1.4, =6.0.0, =8.0.0, =8.1.1 and more Source cves: CVE-2024-11079 Source advisory: SNYK:PYTHON-ANSIBLECORE-8366738...

RHEL 8 : python39:3.9 (RHSA-2024:6220)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6220 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

RHEL 8 : python39:3.9 (RHSA-2024:7137)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:7137 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

ace-step (=0.1.0), agentic-reliability-framework (>=2.0.0 <=2.0.2) +223 more potentially affected by CVE-2024-51751 via gradio (>=5.0.0 <=5.50.0)

gradio PYPI version =5.0.0, =2.0.0, =0.3.2, =0.1.1, =0.6.0, =0.1.4, =0.0.1, =0.0.1, =0.2.0, =0.1.1, =1.0.1, =1.3.1 and more Source cves: CVE-2024-51751 Source advisory: SNYK:PYTHON-GRADIO-8349640...

ansible (>=6.0.0 <=7.7.0), ansible-doctor (>=3.1.2 <=3.1.3) +35 more potentially affected by CVE-2024-9902 via ansible-core (>=2.11.0 <=2.14.18)

ansible-core PYPI version =2.11.0, =6.0.0, =3.1.2, =1.1.2, =1.0.2, =1.0.4.1233rc0, =6.0.0, =8.0.0, =1.0.0, =1.4.1, =0.0.1, =0.2.0, =0.4.0 and more Source cves: CVE-2024-9902 Source advisory: SNYK:PYTHON-ANSIBLECORE-8349549...