28 matches found
TencentOS Server 4: python-tqdm (TSSA-2024:0915)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0915 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2024-34062 affecting package python-tqdm for versions less than 4.66.2-2
CVE-2024-34062 affecting package python-tqdm for versions less than 4.66.2-2. A patched version of the package is available...
Ubuntu: Security Advisory (USN-7216-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 22.04 LTS / 24.04 LTS : tqdm vulnerability (USN-7216-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7216-1 advisory. It was discovered that tqdm did not properly sanitize non-boolean CLI Arguments. A local attacker could possibly use this issue to execute arbitrary...
Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...
Mageia: Security Advisory (MGASA-2024-0299)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:1872-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: python-tqdm
Issue Overview: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version...
Amazon Linux 2023 : python3-tqdm (ALAS2023-2024-690)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-690 advisory. tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. Th...
CVE-2024-34062 affecting package conda for versions less than 24.1.2-2
CVE-2024-34062 affecting package conda for versions less than 24.1.2-2. An upgraded version of the package is available that resolves this issue...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
CBL Mariner 2.0 Security Update: python-tqdm (CVE-2024-34062)
The version of python-tqdm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34062 advisory. - tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in tqdm (CVE-2024-34062)
Summary A vulnerability in tqdm used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-34062 DESCRIPTION: tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection . By sending a specially crafte...
CVE-2024-34062 affecting package python-tqdm for versions less than 4.63.1-3
CVE-2024-34062 affecting package python-tqdm for versions less than 4.63.1-3. A patched version of the package is available...
Fedora: Security Advisory (FEDORA-2024-ef71921bde)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-35acb3b48f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-tqdm (FEDORA-2024-24e4bba70f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : python-tqdm (2024-24e4bba70f)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-24e4bba70f advisory. Address CVE-2024-34062 local code execution Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), 3deecelltracker (>=0.5.0a0 <=0.5.2a0) +2323 more potentially affected by CVE-2024-34062 via tqdm (>=4.50.0 <=4.66.2)
tqdm PYPI version =4.50.0, =0.1.0, =0.5.0a0, =0.0.3, =0.0.2, =0.0.5, =1.0.0, =2.0.0, =0.0.1b1, =0.7.1, =0.11.0 - ac-solver =0.1.0 and more Source cves: CVE-2024-34062 Source advisory: OSV:GHSA-G7VV-2V7X-GJ9P...
CVE-2024-34062
A flaw was found in python-tqdm. When processing non-boolean command line arguments, python-tqdm uses python's eval function but fails to properly sanitize the input provided by the user. This flaw allows an attacker to trick a user into running python-tqdm with crafted command line arguments,...