114 matches found
py27-setuptools44 -- denial of service vulnerability
SCH227 reports: Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page du...
CVE-2022-40898
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
PT-2022-7152 · Python Packaging Authority +7 · Wheel +7
Name of the Vulnerable Software and Affected Versions: Python Packaging Authority (PyPA) Wheel versions 0.37.1 and earlier. Description: The issue is related to an uncontrolled resource consumption in the Python Packaging Authority (PyPA) Wheel, which can be exploited by a remote attacker to cause a...
acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-41885 via tensorflow (>=2.8.0 <=2.8.0rc1)
tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-41885 Source advisory: OSV:GHSA-762H-VPVW-3RCX...
new packages: python-packaging
An update is available for python-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
Fedora: Security Advisory for pipenv (FEDORA-2022-77ce20f03a)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +96 more potentially affected by CVE-2021-41197 via tensorflow-cpu (>=1.15.0 <=2.4.0)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2021-41197 Source advisory: OSV:PYSEC-2021-607...
alcali (>=2018.3.4 <=3000.1.0), archivebox (>=0.4.6 <=0.4.21) +216 more potentially affected by CVE-2021-33571 via django (>=3.0.0 <=3.1.11)
django PYPI version =3.0.0, =2018.3.4, =0.4.6, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.0.32, =0.0.33 and more Source cves: CVE-2021-33571 Source advisory: OSV:GHSA-P99V-5W3C-JQQ9...
aa-structuretimers (=1.2.2), admin-tool-button (>=1.0.1a0 <=1.0.5a0) +1093 more potentially affected by CVE-2021-33203 via django (>=3.2.0 <=3.2.3)
django PYPI version =3.2.0, =1.0.1a0, =1.4.2, =5.10.1, =2022.9.19, =2.0.0, =0.0.1, =1.0.0, =1.0.6, =3.2.17.0, =1.0.0a4.dev0, =2023.1.0.dev0 and more Source cves: CVE-2021-33203 Source advisory: OSV:GHSA-68W8-QJQ3-2GFM...
USN-4961-1 python-pip vulnerability
It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository...
new module: python39:3.9
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, modwsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil,...
SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3865-1)
This update for python36 fixes the following issues: CVE-2019-18348: Fixed a CRLF injection via the host part of the URL passed to urlopen (bsc1155094). CVE-2019-20916: Fixed a directory traversal in downloadhttpurl (bsc1176262). CVE-2020-27619: Fixed an issue where the CJK codec tests call eval on...
adapt-diagnostics (=1.2.0), adversarial-friend (=1.1.8) +63 more potentially affected by CVE-2020-15205 via tensorflow (=2.3.0)
tensorflow PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - adapt-diagnostics =1.2.0 - adversarial-friend =1.1.8 - aliby-baby =0.1.0, =0.0.1a0, =0.0.1, =1.0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.0.17, =0.1...
SUSE-RU-2019:2627-1 Recommended update for python-setuptools and dependend packages
All changes necessary for upgrade of python-setuptools to 40.6.2 bsc1075812 New packages: - python-cachetools - python-google-auth - python-packaging Rebuilt without source changes: - python-cffi - python-cliff - python-mock - python-oauthlib - python-pbr - python-PyJWT - python-pytest Added...