CVE-2024-6923 vulnerabilities
Vulnerabilities for packages: python, nodejs...
Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform
In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +712 more potentially affected by CVE-2023-33976 via tensorflow (>=1.0.1 <=2.12.0rc1)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.1.0, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =1.8.15, =1.8.17, =0.0.1, =0.1.18, =1.8.14, =2.2.0 and more Source cves: CVE-2023-33976 Source advisory: OSV:GHSA-GJH7-XX4R-X345...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +145 more potentially affected by CVE-2024-39863 via apache-airflow (>=1.8.2 <=2.9.1)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.6.0 and more Source cves: CVE-2024-39863 Source advisory: OSV:PYSEC-2024-189...
aaiopay (>=0.2.1 <=0.2.2), abc-xml-converter (>=1.0.0 <=1.0.1) +2845 more potentially affected by CVE-2024-6345 via setuptools (>=15.2.0 <=69.5.1)
setuptools PYPI version =15.2.0, =0.2.1, =1.0.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.2.6, =1.6.0, =0.0.3, =0.1.1, =0.1.2 and more Source cves: CVE-2024-6345 Source advisory: OSV:GHSA-CX63-2MW6-8HW5...
adede (=4.1.0), aimmo (>=0.57.1 <=1.3.1b671) +155 more potentially affected by CVE-2024-39317 via wagtail (>=2.0.2 <=5.1.3)
wagtail PYPI version =2.0.2, =0.57.1, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =2.0.0, =0.1.29, =0.2.0, =2.0.3, =2.0.7 - draftail-helpers =4.1.0 - draftail-maths =4.1.0 and more Source cves: CVE-2024-39317 Source advisory: OSV:PYSEC-2024-86...
CVE-2024-39329 vulnerabilities
Vulnerabilities for packages: py3-django...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +235 more potentially affected by CVE-2024-38875 via django (>=5.0.0 <=5.0.6)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2024-38875 Source advisory: OSV:PYSEC-2024-56...
1337x (=1.2.5), 170051277-trab-final-gces (>=0.3.0 <=0.5.0) +2107 more potentially affected by CVE-2024-39689 via certifi (>=2021.5.30 <=2024.6.2)
certifi PYPI version =2021.5.30, =0.3.0, =0.1.0, =0.2.1, =0.1.2, =1.0.0, =1.0.4, =1.0.11, =2.3.0, =1.0.0, =1.0.4 and more Source cves: CVE-2024-39689 Source advisory: OSV:PYSEC-2024-230...
dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)
dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict (SUSE-SU-2024:1639-2)
"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1639-2 advisory. This update for python-argcomplete, python-Fabric, python-PyGithub,...
Malicious code in pythn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 18aa9075a46b75fee6201936b78d0c748d02750b892815a4d2fa7530a12a2ae2 --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: funcaptcha-ru Reasons based on the campaign: - infostealer...
Malicious code in pyhton (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f653c901336089ae7849afebe48ba4f93bc53a4ed9d5b3a63e5d49119fa45df7 --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: funcaptcha-ru Reasons based on the campaign: - infostealer...
aaa-ml-datasets-course (=1.0.0), addownloader (>=0.2.3 <=0.2.12) +679 more potentially affected by CVE-2024-39705 via nltk (>=2.0.4 <=3.8.1)
nltk PYPI version =2.0.4, =0.2.3, =0.2.0, =0.0.1, =0.1.0, =0.0.9, =0.17.0, =0.0.1rc1, =0.1.0, =6.1.0, =6.1.4 and more Source cves: CVE-2024-39705 Source advisory: OSV:GHSA-CGVX-9447-VCCH...
aaa-ml-datasets-course (=1.0.0), addownloader (>=0.2.3 <=0.2.12) +679 more potentially affected by CVE-2024-39705 via nltk (>=2.0.4 <=3.8.1)
nltk PYPI version =2.0.4, =0.2.3, =0.2.0, =0.0.1, =0.1.0, =0.0.9, =0.17.0, =0.0.1rc1, =0.1.0, =6.1.0, =6.1.4 and more Source cves: CVE-2024-39705 Source advisory: OSV:PYSEC-2024-167...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.1.4) potentially affected by CVE-2024-5826 via vanna (>=0.0.30 <=0.0.36)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =0.1.4 Source cves: CVE-2024-5826 Source advisory: OSV:GHSA-RRQQ-FV6M-692M...
adaptive-kmpc-py (>=0.1.0 <=0.1.1), aestetik (=0.1.0) +100 more potentially affected by CVE-2024-5980 via lightning (>=1.8.6 <=2.3.2)
lightning PYPI version =1.8.6, =0.1.0, =1.8.15, =1.8.17, =1.8.14, =0.8.3b20230916, =0.8.3b20230916, =0.8.3b20230916, =0.1.1, =0.0.1, =0.1.0, =0.5.0a1, =0.5.3 and more Source cves: CVE-2024-5980 Source advisory: OSV:GHSA-MR7H-W2QC-FFC2...
autohooks-plugin-pdoc (>=0.1.1 <=0.1.2), bond-order-processing (=1.0.3) +20 more potentially affected by CVE-2024-38526 via pdoc (>=0.3.2 <=14.5.0)
pdoc PYPI version =0.3.2, =0.1.1, =1.0.0, =0.9.3, =0.0.7, =2.5.7, =0.1.1, =0.4.5, =0.2.0, =0.3.0, =0.1.0, =0.1.1 and more Source cves: CVE-2024-38526 Source advisory: OSV:GHSA-5VGJ-GGM4-FG62...
aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +131 more potentially affected by CVE-2024-37568 via authlib (>=0.10.0 <=1.3.0)
authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0, =0.0.1, =0.1.0, =1.0.3, =2.0.0, =0.0.59, =0.5.0, =1.6.1, =4.2.0.43, =0.1.0, =0.3.0 and more Source cves: CVE-2024-37568 Source advisory: OSV:PYSEC-2024-52...
acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +173 more potentially affected by CVE-2024-5187 +1 more via onnx (>=0.2.0 <=1.16.1)
onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.3.1, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.1.4 - autodistill-yolonas =0.1.1 and more Source cves: CVE-2024-5187, CVE-2025-51480 Source advisory: OSV:GHSA-6RQ9-53C3-F7VJ...