RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2023:4004)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4004 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

aib2ofx (>=0.70.0a1 <=0.71.1), cooar-cli (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2023-34457 via mechanicalsoup (>=0.10.0 <=0.9.0.post4)

mechanicalsoup PYPI version =0.10.0, =0.70.0a1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.2.3, =0.4.11, =0.4.12 Source cves: CVE-2023-34457 Source advisory: OSV:PYSEC-2023-108...

SUSE-SU-2023:2783-1 Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets

This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack,...

aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +254 more potentially affected by CVE-2023-36053 via django (>=4.0.0 <=4.1.1)

django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =3.1.1, =3.6.4, =0.10.0, =1.1.2, =0.6.3, =0.9.3 and more Source cves: CVE-2023-36053 Source advisory: OSV:GHSA-JH3W-4VVF-MJGR...

New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries

In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. "Malicious binaries steal the user IDs, passwords, local machine...

MGASA-2023-0186 Updated python-reportlab packages fix security vulnerability

Updates python3-reportlab includes a security fix and other minor bug fixes. See references for details...

accord-nlp (>=0.1.0 <=0.1.8), adamix-gpt2 (>=0.0.1 <=0.0.2) +561 more potentially affected by CVE-2023-2800 via transformers (>=2.10.0 <=4.2.2)

transformers PYPI version =2.10.0, =0.1.0, =0.0.1, =0.3.0, =0.1.0, =0.1.0, =0.0.8, =0.0.4, =0.0.4, =0.0.11, =1.8.20, =0.0.3, =1.9.0, =1.0.0, =1.1.0 and more Source cves: CVE-2023-2800 Source advisory: OSV:GHSA-282V-666C-3FVG...

2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-32058 via vyper (>=0.1.0b12 <=0.3.7)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-32058 Source advisory: OSV:PYSEC-2023-78...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +147 more potentially affected by CVE-2023-30172 via mlflow (>=0.8.2 <=2.0.0rc0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2023-30172 Source advisory: OSV:PYSEC-2023-70...

[SECURITY] Fedora 36 Update: python-setuptools-59.6.0-4.fc36

Setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that...

MGASA-2023-0140 Updated python-certifi packages fix security vulnerability

Disable bundled Trustcor root cerificate signatures generated after Wednesday November 30 00:00:00 2022. CVE-2022-23491...

NewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2023-0008)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by multiple vulnerabilities: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...

aws-syndicate (>=0.9.2 <=1.9.4), bcipy (>=1.1.1 <=1.4.2) +40 more potentially affected by CVE-2023-26112 via configobj (>=5.0.0 <=5.0.8)

configobj PYPI version =5.0.0, =0.9.2, =1.1.1, =0.4.1, =1.0.0, =1.0.0, =1.7.0, =0.0.2, =0.1.5, =0.1.2, =0.0.26, =0.1.0, =2.1.0, =0.1.5, =0.1.14, =2018.4.2.1 and more Source cves: CVE-2023-26112 Source advisory: OSV:GHSA-C33W-24P9-8M24...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +607 more potentially affected by CVE-2023-25661 via tensorflow (>=1.0.1 <=2.11.0rc2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25661 Source advisory: OSV:GHSA-FXGC-95XX-GRVQ...

ad-sdl-wei (>=0.5.1 <=0.5.4), addok (>=1.1.0 <=1.1.0rc2) +94 more potentially affected by CVE-2023-28858 via redis (>=4.2.0 <=4.3.5)

redis PYPI version =4.2.0, =0.5.1, =1.1.0, =22.5.13, =0.1.1, =0.5.0, =3.2.0, =1.0.0, =0.5.0, =0.1.0, =2.0.3, =0.1.2, =0.1.15 - croudtech-python-aws-app-config =1.1.13 and more Source cves: CVE-2023-28858 Source advisory: OSV:GHSA-24WV-MV5M-XV4H...

an-website (>=22.12.28 <=23.2.6), anoteai (>=0.10.0 <=0.20.0) +26 more potentially affected by CVE-2023-28858 via redis (>=4.4.0 <=4.4.2)

redis PYPI version =4.4.0, =22.12.28, =0.10.0, =0.8.2, =0.1.17, =0.0.10, =1.8.1, =0.5.0rc1, =0.0.122, =0.104.0rc1, =0.7.2, =0.31.0, =1.0.2, =1.1.1 - lemur =1.3.1 and more Source cves: CVE-2023-28858 Source advisory: OSV:PYSEC-2023-45...

ad-sdl-wei (>=0.5.1 <=0.5.4), addok (>=1.1.0 <=1.1.0rc2) +143 more potentially affected by CVE-2023-28859 via redis (>=4.2.0 <=4.4.3)

redis PYPI version =4.2.0, =0.5.1, =1.1.0, =1.2.0a20250730, =2.2.1, =22.5.13, =0.1.1, =0.10.0, =0.2.0, =0.5.0, =22.6.0b4, =22.6.0b4, =22.6.0b4, =22.9.5, =23.3.2 and more Source cves: CVE-2023-28859 Source advisory: OSV:PYSEC-2023-46...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +607 more potentially affected by CVE-2023-25801 via tensorflow (>=1.0.1 <=2.11.0rc2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25801 Source advisory: OSV:GHSA-F49C-87JH-G47Q...

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

A malicious Python package on the Python Package Index PyPI repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and...

Malicious code in esqccstringmask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ad3667ef6b7620604468e627b774f2339b75086dc8eb705cbaaa95acd784e178 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...