
100 matches found

OSSF Malicious Packages
added 2024/06/25 1:36 p.m. | 2 views

Malicious code in jupyter-pytest-fi-console (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0
OSV
added 2024/06/25 1:36 p.m. | 5 views

MAL-2024-5287 Malicious code in jupyter-pytest-fi-console (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0
OSV
added 2024/06/12 11:39 a.m. | 5 views

CLSA-2024-1718192341 Update of alt-php

Bump epoch Disable ESM notification after installation: - remove ESM hook for apt-system - remove ESM infra/apps repositories from apt sources list Automatically mark some pytest to skip if FIPS kernel is running in a disabled state they always fail in this mode...

AI score: 5.8
Exploits: 0 | References: 1
Tenable Nessus
added 2024/05/28 12:0 a.m. | 34 views

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 - Fix CVE-2019-6446 - Fix CVE-2014-1858, CVE-2014-1859: 1062009, 1062359 - Security fix for CVE-2022-48560...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.17078
Exploits: 16 | References: 6
Oracle linux
added 2024/05/24 12:0 a.m. | 54 views

python27:2.7 security update

babel 2.5.1-10 - Fix CVE-2021-20095 Resolves: rhbz1955615 2.5.1-9 - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz1695587 2.5.1-8 - Fix unversioned requires/buildrequires - Resolves: rhbz1628242 2.5.1-7 - Remove unversioned binaries - Resolves: rhbz1613343 2.5.1-6 - Make...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.17078
Exploits: 10
Tenable Nessus
added 2024/04/28 12:0 a.m. | 20 views

RHEL 8 : python27:2.7 (RHSA-2023:5990)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5990 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.0079
Exploits: 0 | References: 4
vulnersOsv
added 2023/11/09 6:34 p.m. | 4 views

esp-flasher (>=1.1.1 <=1.1.2), esphome (>=1.12.0 <=2023.12.9) +15 more potentially affected by CVE-2023-46894 via esptool (>=2.6.0 <=4.6.2)

esptool PYPI version =2.6.0, =1.1.1, =1.12.0, =1.1.0, =0.1.0, =0.1.0, =1.0.106, =1.19.0, =1.20.3, =0.2.0, =0.1.1.dev1, =0.6.0, =0.1.0, =0.24.0, =1.0.3, =1.0.1, =1.0.180 and more Source cves: CVE-2023-46894 Source advisory: OSV:GHSA-3F38-96QM-R3FW...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00476
Exploits: 1
vulnersOsv
added 2023/11/09 4:15 p.m. | 4 views

esp-flasher (>=1.1.1 <=1.1.2), esphome (>=1.16.0b1 <=2022.11.5) +3 more potentially affected by CVE-2023-46894 via esptool (>=3.0.0 <=3.3.3)

esptool PYPI version =3.0.0, =1.1.1, =1.16.0b1, =1.0.106, =0.6.0, =0.1.0, =0.9.0 Source cves: CVE-2023-46894 Source advisory: OSV:PYSEC-2023-234...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00476
Exploits: 1
vulnersOsv
added 2023/10/26 9:46 p.m. | 3 views

hass-auth-synology (>=0.0.0 <=0.4.28), homeassistant-cli (=0.2.0) +4 more potentially affected by CVE-2023-41893 via homeassistant (>=0.83.3 <=2023.8.4)

homeassistant PYPI version =0.83.3, =0.0.0, =2021.4.0, =0.4.11, =1.2.0, =0.3.0, =0.13.85 Source cves: CVE-2023-41893 Source advisory: OSV:GHSA-QHHJ-7HRC-GQJ5...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00395
Exploits: 0
Oracle linux
added 2023/10/25 12:0 a.m. | 33 views

python39:3.9 and python39-devel:3.9 security update

Cython 0.29.21-5 - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz1877430 modwsgi 4.7.1-5 - Core dumped upon file upload = 1GB Resolves: rhbz2125172 numpy 1.19.4-3 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055 pybind11 2.7.1-1 - Update...

CVSS: 5 | AI score: 5.7 | EPSS: 0.03273
Exploits: 0
vulnersOsv
added 2023/10/20 12:15 a.m. | 2 views

hass-auth-synology (>=0.0.0 <=0.4.28), homeassistant-cli (=0.2.0) +4 more potentially affected by CVE-2023-41893 via homeassistant (>=0.83.3 <=2023.8.4)

homeassistant PYPI version =0.83.3, =0.0.0, =2021.4.0, =0.4.11, =1.2.0, =0.3.0, =0.13.85 Source cves: CVE-2023-41893 Source advisory: OSV:PYSEC-2023-214...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00395
Exploits: 0
OSV
added 2023/10/16 6:31 p.m. | 4 views

CLSA-2023-1697481097 Update of alt-php

Bump epoch Disable ESM notification after installation: - remove ESM hook for apt-system - remove ESM infra/apps repositories from apt sources list Automatically mark some pytest to skip if FIPS kernel is running in a disabled state they always fail in this mode...

AI score: 5.8
Exploits: 0 | References: 1
Tenable Nessus
added 2023/07/06 12:0 a.m. | 44 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (SUSE-SU-2023:2783-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. - aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.06718
Exploits: 3 | References: 29
Tenable Nessus
added 2023/06/22 12:0 a.m. | 49 views

RHEL 8 : python27:2.7 (RHSA-2023:3780)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3780 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.20459
Exploits: 3 | References: 4
IBM Security Bulletins
added 2023/06/20 4:41 a.m. | 49 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.59501
Exploits: 26 | Affected Software: 1
OSSF Malicious Packages
added 2023/05/20 1:56 p.m. | 5 views

Malicious code in install-pytest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c354c0f5dc76b96d0db0745a885c308a97e8edfa82d219fda8c353dd567b43d6 The OpenSSF Package Analysis project identified 'install-pytest' @ 1.12.7 pypi as malicious. It is considered malicious because: - The package...

AI score: 6.9
Exploits: 0
OSV
added 2023/05/20 1:56 p.m. | 8 views

MAL-2023-1371 Malicious code in install-pytest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c354c0f5dc76b96d0db0745a885c308a97e8edfa82d219fda8c353dd567b43d6 The OpenSSF Package Analysis project identified 'install-pytest' @ 1.12.7 pypi as malicious. It is considered malicious because: - The package...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2022/11/09 12:0 a.m. | 36 views

RHEL 8 : python38:3.8 and python38-devel:3.8 (RHSA-2022:7581)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7581 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS: 8 | AI score: 7.4 | EPSS: 0.06705
Exploits: 1 | References: 9
Github Security Blog
added 2022/10/16 12:0 p.m. | 151 views

Withdrawn Advisory: ReDoS in py library when used with subversion

Withdrawn Advisory This advisory has been withdrawn because evidence does not suggest that CVE-2022-42969 is a valid, reproducible vulnerability. This link is maintained to preserve external references. Original Description The py library through 1.11.0 for Python allows remote attackers to condu...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01546
Exploits: 1 | References: 10 | Affected Software: 1
Positive Technologies
added 2022/10/16 12:0 a.m. | 3 views

PT-2022-26687

Name of the Vulnerable Software and Affected Versions py versions through 1.11.0 Description The py library allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...

CVSS: 8.7 | AI score: 7.2 | EPSS: 0.01546
Exploits: 1 | References: 47