Lucene search
K

11 matches found

OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2025-fba1b24e4b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.8AI score0.00589EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2025-5f2c19dd2d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.00589EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2025/03/10 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2025-2215919645)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.4AI score0.00589EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.5 views

Fedora 41 : python-spotipy (2025-fba1b24e4b)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-fba1b24e4b advisory. update to version 2.25.1, CVE-2025-27154 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

9.8CVSS7AI score0.00589EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.5 views

Fedora 40 : python-spotipy (2025-2215919645)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2215919645 advisory. update to version 2.25.1, CVE-2025-27154 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

9.8CVSS7AI score0.00589EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/02/28 2:34 a.m.5 views

discogrify (>=0.0.10 <=0.0.11), djtools (>=2.6.0 <=2.7.13rc13) +34 more potentially affected by CVE-2025-27154 via spotipy (>=2.10.0 <=2.25.0)

spotipy PYPI version =2.10.0, =0.0.10, =2.6.0, =0.0.3, =0.0.1, =0.2.0, =0.1.1, =0.1.0, =0.0.2.dev4, =0.2.0, =0.2.6 and more Source cves: CVE-2025-27154 Source advisory: OSV:GHSA-PWHH-Q4H6-W599...

9.8CVSS7AI score0.00589EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/27 8:56 p.m.7 views

CVE-2025-27154

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

7.1CVSS6AI score0.00589EPSS
Exploits1References7
NVD
NVD
added 2025/02/27 2:15 p.m.10 views

CVE-2025-27154

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

9.8CVSS0.00589EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/02/27 1:53 p.m.6 views

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

8.4CVSS6.3AI score0.00589EPSS
Exploits1References4
CVE
CVE
added 2025/02/27 1:53 p.m.114 views

CVE-2025-27154

CVE-2025-27154 affects Spotipy’s CacheHandler file permissions. Before version 2.25.1, the cache file is created with 644 permissions by default, exposing the Spotify auth token to other users or processes on the same machine. Version 2.25.1 tightens permissions to 600, reducing token exposure. T...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/02/27 1:53 p.m.31 views

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

8.4CVSS0.00589EPSS
Exploits1References4
Rows per page
Query Builder