NVIDIA TensorRT Detection

The Open Source Software OSS components of the NVIDIA TensorRT Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208130;...

AIM Detection

An AIM Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'xcompat.inc'; if description scriptid208127; scriptversion"1.5";...

H2O Module Detection

A H2O Python Module is installed on the remote host. H2O is an open source, in-memory, distributed, fast, and scalable machine learning and predictive analytics platform that allows you to build machine learning models on big data and provides easy productionalization of those models in an...

Weights & Biases Detection

A Weights & Biases Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208133; scriptversion"1.6";...

Strawberry GraphQL 跨站请求伪造漏洞

Strawberry GraphQL is a Python GraphQL library utilizing type annotations in the Strawberry GraphQL open source. A cross-site request forgery vulnerability exists in Strawberry GraphQL versions prior to 0.243.0, which stems from vulnerability to cross-site request forgery CSRF attacks...

The vulnerability of the Py_FindObjects() function in the Python programming language library, which is open-source and part of scipy, allows a attacker to compromise the confidentiality, integrity, and accessibility of the system.

The vulnerability of the PyFindObjects function in the Python programming language library, which is open-source and part of scipy, relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and accessibility ...

The vulnerability of the Py_FindObjects() function in the Python programming language library, which is open-source and part of the scipy library, allows a hacker to trigger a denial-of-service attack.

The vulnerability of the PyFindObjects function in the Python programming language library, which is open-source and part of scipy, stems from the lack of memory release after its effective lifespan. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

CLSA-2024-1726058763 python3: Fix of CVE-2024-6923

CVE-2024-6923: encode newlines in headers, verify headers are well-formed...

LangChain Experimental Python Library <= 0.0.14 (CVE-2023-44467)

LangChain is a framework for developing applications powered by large language models. langchainexperimental aka LangChain Experimental in LangChain = 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by...

Jupyter Notebook Python Library 7.0.0 < 7.2.2 (CVE-2024-43805)

Jupyter Notebook is an extensible environment for interactive and reproducible computing. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked...

Jupyterlab Python Library < 3.6.8 / 4.0 < 4.2.5 (CVE-2024-43805)

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

a2grunnerp (>=0.1.0 <=0.1.8), a3m (=0.1.0) +951 more potentially affected by CVE-2024-7246 via grpcio (>=1.0.0rc2 <=1.58.0)

grpcio PYPI version =1.0.0rc2, =0.1.0, =0.2.3, =0.0.3, =1.1.0, =1.1.0, =0.1.0, =0.1.0, =2022.9.19, =1.0.0, =0.1.3, =0.0.1, =3.4.0, =3.12.0.dev2 and more Source cves: CVE-2024-7246 Source advisory: SNYK:PYTHON-GRPCIO-9486468...

Python Library Certifi < 2024.07.04 Untrusted Root Certificate

The detected version of Certifi python package, certifi, is prior to version 2024.07.04. Therefore, it contains untrusted root certificates from GLOBALTRUST. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested...

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +235 more potentially affected by CVE-2024-39614 via django (>=5.0.0 <=5.0.6)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2024-39614 Source advisory: OSV:PYSEC-2024-59...

CLSA-2024-1720548691 python3: Fix of 2 CVEs

CVE-2023-6597: Prevent tempfile.TemporaryDirectory class dereference symlinks - CVE-2024-0450: Make zipfile module reject zip archives which overlap entries in the archive. Prevent “quoted-overlap” zip-bombs exploit...

Malicious code in pythoncryptlibaryv2 (PyPI)

--- -= Per source details. Do not edit below this line.=-...