19 matches found
Astra Linux - уязвимость в python3.11, python3.7
A vulnerability has been identified in the CPython venv module and CLI. This vulnerability arises from improper quoting of path names when creating a virtual environment. As a result, attackers can inject commands into the virtual environment “activation” scripts e.g., using “source...
MiracleLinux 7 : python3-3.6.8-21.0.3.el7.AXS7 (AXSA:2025-9726:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9726:01 advisory. - CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts CVEs: CVE-2024-9287 A vulnerability has been...
EUVD-2024-50376
Malicious code in bioql PyPI...
Medium: python3
Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
OESA-2024-2484 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2024-2483 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2024-2482 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2024-2481 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
DEBIAN-CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
AZL-50926 CVE-2024-9287 affecting package python3 for versions less than 3.12.9-1
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
UBUNTU-CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
Python 代码问题漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python that stems from a vulnerability found in the venv module and CLI, where...
PT-2024-39544
Name of the Vulnerable Software and Affected Versions CPython versions prior to 3.13.0 Description A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into...
Online Courseware SQL注入漏洞
DPEC Online Courseware is an online courseware system from DPEC Corporation. A SQL injection vulnerability exists in version 1.0 of Online Courseware, which originates from the selector parameter in the admin/activateall.php file and can be exploited for SQL injection attacks...