OESA-2025-2287 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 3 Summary: A...

MAL-2025-41703 Malicious code in mozilla (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41678 Malicious code in fquant (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in aiohttp-proxies-forked (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47774 Malicious code in importsetup (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 07d601622d7b27ef8baa4ec8ef05e06c283dd18ace0fba3a856f3a5adbdce69e Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

Moderate: Red Hat Security Advisory: python3.11-setuptools security update

An update for python3.11-setuptools is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

MAL-2025-41675 Malicious code in flask-tdg-cyber (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ec9e25f8f416bf20ca51977e1d4e001cf398d79dee777ff3b12b04cab6345292 Package is prepared for exfiltration of detailed data about the running system. The exact behaviour depends on the version: some does nothing, some exfiltrate...

Malicious code in puttytitle (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in iconnect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e53aae69656f138607d0de8abe11d4b48ed6156875f07ec0da7485dd776f7158 Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...

python3.12-packaging bug fix and enhancement update

An update is available for python3.12-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Roc...

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +23299 more potentially affected by CVE-2025-32434 via torch (>=2.0.0 <=2.5.1)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.10.13 and more Source cves: CVE-2025-32434 Source advisory: SNYK:PYTHON-TORCH-9788071...

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...

Linux Distros Unpatched Vulnerability : CVE-2022-40898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled inp...

Malicious code in reqeuts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7f01ab0a32efcdc5ca1ef531f49392818b05b088503759e97611a529f61c37e5 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10)

The version of AOS installed on the remote host is prior to 6.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10 advisory. - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. ...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.5)

The version of AOS installed on the remote host is prior to 6.8.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.5 advisory. - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than...

Malicious code in httpsmovements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1f6e48eea4c63cfcc19e892d140b0b70a48f1041c559effbaae92184fda61bc5 In the invokehttp, the init.py contains obfuscated code attempting to download and run one of two executables. They are identified as malicious by VT and the...

Malicious code in pckaging (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 22d95e82784e0b931da5081722f930a6c3acedcaec6688e70859941b9f2963f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in appetize-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7f0791abf81cd0c979559b6938727478a6af6e21ceb08371567a9e0347b1e079 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in pycerial (PyPI)

--- -= Per source details. Do not edit below this line.=-...