114 matches found

OSSF Malicious Packages
added 2024/06/25 1:35 p.m. · 2 views

Malicious code in guypy (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

OSSF Malicious Packages
added 2024/06/25 1:35 p.m. · 2 views

Malicious code in getlatency (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

OSSF Malicious Packages
added 2024/06/25 1:33 p.m. · 2 views

Malicious code in colorfonts (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

IBM Security Bulletins
added 2024/03/08 4:54 p.m. · 39 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a local authenticated attacker (CVE-2023-5752)

Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority...

CVSS 5.5 · AI score 4.6 · EPSS 0.00075
Exploits 0 · Affected Software 1

OSV
added 2024/03/06 11:4 a.m. · 18 views

BIT-SETUPTOOLS-2022-40897

Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py...

CVSS 5.9 · AI score 6.1 · EPSS 0.00513
Exploits 1 · References 11

Tenable Nessus
added 2024/02/29 12:0 a.m. · 37 views

CentOS 9 : python-setuptools-53.0.0-12.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python-setuptools-53.0.0-12.el9 build changelog. - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted...

CVSS 5.9 · AI score 7 · EPSS 0.00513
Exploits 1 · References 2

IBM Security Bulletins
added 2024/01/31 10:40 p.m. · 20 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python Packaging Authority pip

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python Packaging Authority pip. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority pip could allow a local authenticated attacker to bypass security restrictions, caus...

CVSS 5.5 · AI score 4.7 · EPSS 0.00075
Exploits 0 · Affected Software 1

OSV
added 2023/12/15 11:6 a.m. · 1 views

OESA-2023-1904 python-wheel security update

A built-package format for Python. A wheel is a ZIP-format archive with a specially formatted filename and the .whl extension. It is designed to contain all the files for a PEP 376 compatible install in a way that is very close to the on-disk format. Security Fixes: An issue discovered in Python...

CVSS 7.5 · AI score 6.9 · EPSS 0.00184
Exploits 1 · References 2

Amazon
added 2023/12/14 12:0 a.m. · 2 views

Medium: python-pip

Issue Overview: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how...

CVSS 5.5 · AI score 8.6 · EPSS 0.00075
Exploits 0

Amazon
added 2023/12/04 12:0 a.m. · 1 views

Medium: python-wheel

Issue Overview: An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. CVE-2022-40898 Affected Packages: python-wheel Note: This advisory is applicable to Amazon Linux 2 AL2...

CVSS 7.5 · AI score 6.9 · EPSS 0.00184
Exploits 1

Tenable Nessus
added 2023/11/16 12:0 a.m. · 34 views

Oracle Linux 9 : python-wheel (ELSA-2023-6712)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6712 advisory. - Security fix for CVE-2022-40898 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...

CVSS 7.5 · AI score 7 · EPSS 0.00184
Exploits 1 · References 2

RedHat Linux
added 2023/11/08 8:20 a.m. · 0 views

python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

CVSS 7.5 · AI score 7.3 · EPSS 0.00184
Exploits 1 · References 5

RedHat Linux
added 2023/11/07 8:47 a.m. · 3 views

python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

CVSS 7.5 · AI score 7.3 · EPSS 0.00184
Exploits 1 · References 5

Oracle Linux
added 2023/10/25 12:0 a.m. · 23 views

python39:3.9 and python39-devel:3.9 security update

Cython 0.29.21-5 - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz1877430 modwsgi 4.7.1-5 - Core dumped upon file upload = 1GB Resolves: rhbz2125172 numpy 1.19.4-3 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055 pybind11 2.7.1-1 - Update...

CVSS 5 · AI score 5.7 · EPSS 0.05428
Exploits 0

OSSF Malicious Packages
added 2023/08/11 1:6 p.m. · 2 views

Malicious code in python-cos-sdk-v5 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9d23946b30370561c42df798c468626c8ec508cdf6f0fc22cc34bb67f2fa187e Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

AI score 7.2
Exploits 0 · References 2

Amazon
added 2023/07/19 12:0 a.m. · 1 views

Medium: python-wheel

Issue Overview: An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. CVE-2022-40898 Affected Packages: python-wheel Issue Correction: Run dnf update python-wheel --releaseve...

CVSS 7.5 · AI score 7.1 · EPSS 0.00184
Exploits 1

Positive Technologies
added 2023/06/21 12:0 a.m. · 2 views

PT-2023-36197 · Unknown +1 · Python-Pyzmq +1

Name of the Vulnerable Software and Affected Versions: salt versions prior to 3006.0 python-pyzmq versions prior to 17.1.2 Description: The update for salt and python-pyzmq fixes several issues, including collections Mapping issues, conflicts with Salt dependencies versions, and failures due to t...

AI score 7.3
Exploits 0 · References 9

IBM Security Bulletins
added 2023/06/20 4:41 a.m. · 45 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

CVSS 9.8 · AI score 9.6 · EPSS 0.88334
Exploits 26 · Affected Software 1

Tenable Nessus
added 2023/06/07 12:0 a.m. · 9 views

EulerOS Virtualization 2.11.0 : python-setuptools (EulerOS-SA-2023-2111)

According to the versions of the python-setuptools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML...

CVSS 5.9 · AI score 7.1 · EPSS 0.00513
Exploits 1 · References 2

Redos
added 2023/04/28 12:0 a.m. · 28 views

ROS-20230428-05

A vulnerability in Python Packaging Authority installation tools is related to insufficient input validation when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application and perform a denial of service...

CVSS 5.9 · AI score 6.1 · EPSS 0.00513
Exploits 1