[SECURITY] Fedora 40 Update: python-javaobj-0.4.3-12.fc40

python-javaobj is a python library that provides functions for reading and writing writing is WIP currently Java objects serialized or will be deserialized by ObjectOutputStream. This form of object representation is a standard data interchange format in Java world...

PT-2024-2537 · Rpyc +1 · Rpyc +1

Name of the Vulnerable Software and Affected Versions: RPyC versions prior to 6.0.0 Description: The issue is related to the netref component of the RPyC Python library, which has an incorrect security check for standard elements. This can allow a remote attacker to execute arbitrary code by...

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +153 more potentially affected by CVE-2024-27319 via onnx (>=0.2.0 <=1.15.0)

onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.0.0, =1.0.45, =1.44.0, =1.55.0 and more Source cves: CVE-2024-27319 Source advisory: OSV:PYSEC-2024-223...

AZL-43006 CVE-2023-6681 affecting package python-jwcrypto 0.6.0-9

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

agsekit (>=1.0.4 <=1.6.8), ansible (>=8.0.0 <=8.7.0) +19 more potentially affected by CVE-2024-0690 via ansible-core (>=2.15.0 <=2.15.6)

ansible-core PYPI version =2.15.0, =1.0.4, =8.0.0, =2.1.0, =1.1.7, =1.5.28, =0.0.6, =0.1.0, =3.7.4, =0.1.0, =15.0.0, =0.2.0, =0.1.0, =0.1.6 and more Source cves: CVE-2024-0690 Source advisory: OSV:PYSEC-2024-36...

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40231 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)

aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2024-23334 Source advisory: OSV:PYSEC-2024-24...

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40240 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2024-23829 Source advisory: OSV:GHSA-8QPW-XQXJ-H4R2...

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

USN-6595-1: PyCryptodome vulnerability

It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information...

ecdsa Security Vulnerabilities

python-ecdsa is a signature verification plugin for Python. A security vulnerability exists in ecdsa 0.18.0 and earlier versions, which stems from vulnerability to Minerva attacks...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CLSA-2024-1705080095 python: Fix of CVE-2023-40217

CVE-2023-40217: Fix TLS handshake bypass...

fontTools Code Issue Vulnerability

fontTools is a library written in Python for manipulating fonts. A code issue vulnerability exists in fontTools versions prior to 4.43.0. An attacker can exploit this vulnerability to run arbitrary files from fontTools' filesystem...

[SECURITY] Fedora 38 Update: python-pysqueezebox-0.5.5-11.fc38

Python library to control a Logitech Media Server asynchronously...

Gradio Command Injection Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a command injection vulnerability that stems from the application exposing sensitive information to unauthorized participants...

CVE-2023-50423

SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

PYSEC-2023-261

SAPBTPSecurity Services Integration Library Pythonsap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

CVE-2023-50423 Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)

SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...