648 matches found
Fedora: Security Advisory (FEDORA-2024-000a25f3fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: python-openapi-core-0.19.1-3.fc40
Openapi-core is a Python library that adds client-side and server-side support for the OpenAPI v3.0 and OpenAPI v3.1 specification...
Fedora 40 : python-aiohttp / python-openapi-core (2024-000a25f3fc)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-000a25f3fc advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...
CVE-2023-6916
CVE-2023-6916 affects Nozomi Guardian/CMC before version 23.4.1. The issue is that audit records for OpenAPI requests may contain sensitive information, creating a path to unauthorized access and privilege escalation. The connected documents explicitly associate this vulnerability with Guardian/C...
CVE-2023-6916 Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation...
Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
Summary: Audit records for OpenAPI requests may include sensitive information. Impact: Unauthorized access, privilege escalation. Mitigation: Nozomi Networks recommends creating specific users for OpenAPI usage, with only the necessary permissions to access the required data sources. Additionally, i...
aimapper (=0.1.0), aimfast (>=0.1.0 <=1.3.3) +237 more potentially affected by CVE-2023-41334 via astropy (>=1.2.1 <=5.3.2)
astropy PYPI version =1.2.1, =0.1.0, =0.2.0, =0.2.2, =0.7.1, =2.5.0, =0.0.3, =0.0.1, =1.0.1, =0.3.0, =0.0.2, =1.0.0, =1.4.0 and more Source cves: CVE-2023-41334 Source advisory: OSV:GHSA-H2X6-5JX5-46HF...
[SECURITY] Fedora 38 Update: python-fastapi-0.99.0-7.fc38
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette and Pydantic). One of the fastest Python...
[SECURITY] Fedora 39 Update: python-fastapi-0.103.0-10.fc39
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette and Pydantic). One of the fastest Python...
BIT-GITLAB-2022-3726
Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...
Google Extensible Service Proxy 2.20.0 < 2.43.0 Authentication Bypass
Google Extensible Service Proxy (ESP) is a scalable proxy provided by the Google Cloud Platform (GCP) used to provide API management features based on an OpenAPI or gRPC API backend. ESP versions starting 2.20.0 and before 2.43.0 suffer from an authentication bypass vulnerability. By crafting a...
Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML...
Code execution in Embedchain
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
GHSA-RHHJ-5436-95VF Code execution in Embedchain
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
GHSA-297X-2QF3-JRJ3 Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
PYSEC-2024-7
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
Design/Logic Flaw
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML...