1530 matches found
RHEL 8 : python39:3.9 (RHSA-2024:8797)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8797 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
aberoth-ephemeris (>=1.0.0 <=1.0.2), adop (>=0.0.1 <=0.0.4) +268 more potentially affected by CVE-2024-49769 via waitress (>=0.8.10 <=3.0.0)
waitress PYPI version =0.8.10, =1.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =1.1.0, =0.1.13, =1.0.2, =0.1.1, =0.0.1, =0.2.0, =0.1.1, =0.1.7 and more Source cves: CVE-2024-49769 Source advisory: OSV:PYSEC-2024-211...
aberoth-ephemeris (>=1.0.0 <=1.0.2), adop (>=0.0.1 <=0.0.4) +214 more potentially affected by CVE-2024-49768 via waitress (>=2.0.0 <=3.0.0)
waitress PYPI version =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =1.1.0, =0.1.13, =0.1.1, =0.0.1, =0.2.0, =0.1.1, =0.0.4, =0.1.0 - brython-components =0.3.1 and more Source cves: CVE-2024-49768 Source advisory: SNYK:PYTHON-WAITRESS-8309636...
aberoth-ephemeris (>=1.0.0 <=1.0.2), adop (>=0.0.1 <=0.0.4) +214 more potentially affected by CVE-2024-49768 via waitress (>=2.0.0 <=3.0.0)
waitress PYPI version =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =1.1.0, =0.1.13, =0.1.1, =0.0.1, =0.2.0, =0.1.1, =0.0.4, =0.1.0 - brython-components =0.3.1 and more Source cves: CVE-2024-49768 Source advisory: OSV:GHSA-9298-4CF8-G4WJ...
CVE-2024-50602 vulnerabilities
Vulnerabilities for packages: python...
Fedora: Security Advisory (FEDORA-2024-f1615b58e6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-9287 vulnerabilities
Vulnerabilities for packages: python...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +318 more potentially affected by CVE-2024-47167 via gradio (>=1.7.7 <=4.8.0)
gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.7.0.dev134, =0.7.0.dev143 - anymodality =0.1.0 - apillava =0.1.0 and more Source cves: CVE-2024-47167 Source advisory: OSV:GHSA-576C-3J53-R9JJ...
Exploit for SQL Injection in Bplugins Html5_Video_Player
A PoC exploit scanner for CVE-2024-5522 vulnerability in Wo...
New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT aka SIMPLESE...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +486 more potentially affected by CVE-2024-5998 via langchain-community (>=0.0.1 <=0.2.2)
langchain-community PYPI version =0.0.1, =0.1.0, =0.0.2, =0.0.1, =0.1.0, =0.0.1, =0.0.18, =0.2.0, =0.0.1, =0.0.2, =0.0.1, =0.0.4a1 - aicat-annotator =0.0.1 and more Source cves: CVE-2024-5998 Source advisory: OSV:GHSA-F2JM-RW3H-6PHG...
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job...
Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used t...
aws-service-catalog-factory (>=0.102.0 <=0.102.1), aws-service-catalog-puppet (>=0.96.0 <=0.253.0) +68 more potentially affected by CVE-2024-21542 via luigi (>=3.0.0b2 <=3.5.2)
luigi PYPI version =3.0.0b2, =0.102.0, =0.96.0, =0.4.0, =0.0.8, =0.40.0, =1.0.1, =0.4.0, =1.0.0a20, =0.5.0, =0.0.7, =0.1.0, =0.1.0, =0.2.3, =0.1.0, =0.1.12, =0.1.15 and more Source cves: CVE-2024-21542 Source advisory: SNYK:PYTHON-LUIGI-7830489...
CVE-2024-8088 vulnerabilities
Vulnerabilities for packages: python...
RLSA-2024:5533 Important: python3.12-setuptools security update
Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software...
CVE-2024-7592 vulnerabilities
Vulnerabilities for packages: python, nodejs...
[SECURITY] Fedora 39 Update: python-setuptools-67.7.2-8.fc39
Setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that...
Fedora: Security Advisory (FEDORA-2024-247e9ba33a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...