12 matches found
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to access sensitive data or execute code that the malicious party is not initially authorized to execute. For successful abuse, the malicious...
EUVD-2013-0031
Malware in sbrugna...
EUVD-2024-0801
Malicious code in bioql PyPI...
EUVD-2024-3492
Malicious code in bioql PyPI...
RLSA-2024:9193 Moderate: python3.12-PyMySQL security update
This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 For more details about the...
CVE-2024-29189 ansys-geometry-core OS Command Injection vulnerability
PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/productinstance.py, upon calling this method startprogram directly, users could exploit its usage to perform malicious operations on the current...
CVE-2024-29189
CVE-2024-29189 affects the PyAnsys Geometry library (ansys-geometry-core) and specifically the internal _start_program routine in src/ansys/geometry/core/connection/product_instance.py. The vulnerability arises from invoking subprocess.Popen with a shell context (shell flag enables shell executio...
CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
ROS-20220407-03
A vulnerability in the Python client library is related to insufficient validation of user input data in the FTP File Transfer Protocol library when used in PASV passive mode in the FTP File Transfer Protocol library when it is used in PASV passive mode. Exploitation the vulnerability could allow...
CVE-2014-0105
The authtoken middleware in the OpenStack Python client library for Keystone aka python-keystoneclient before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...
Design/Logic Flaw
The authtoken middleware in the OpenStack Python client library for Keystone aka python-keystoneclient before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...
CVE-2013-4111
The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...