
OSSF Malicious Packages
added 2024/06/25 1:32 p.m. · 5 views

Malicious code in aietelegram (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0 · References: 3
OSV
added 2024/06/21 11:08 a.m. · 3 views

OESA-2024-1745 python-scikit-learn security update

A Python module for machine learning built on top of SciPy Security Fixes: A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the...

CVSS: 4.7 · AI score: 6.6 · EPSS: 0.00187
Exploits: 0 · References: 2
Fedora
added 2024/06/20 8:01 a.m. · 29 views

[SECURITY] Fedora 39 Update: python-authlib-1.3.1-1.fc39

Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00382
Exploits: 1
Fedora
added 2024/06/18 10:07 a.m. · 29 views

[SECURITY] Fedora 40 Update: python-authlib-1.3.1-1.fc40

Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00382
Exploits: 1
BDU FSTEC
added 2024/06/13 12:00 a.m. · 4 views

The vulnerability of the Python library for interacting with git repositories like gitpython, related to improper input validation, allows a malicious actor to inject a malicious remote URL address into the cloning command.

The vulnerability of the Python library for interacting with git repositories called gitpython is related to external git calls that lack proper parameter sanitization. Exploiting this vulnerability allows a malicious actor to inject a malicious remote URL address as part of a cloning command...

CVSS: 10 · AI score: 7.7 · EPSS: 0.05378
Exploits: 1 · References: 6 · Affected Software: 3
CNNVD
added 2024/06/11 12:00 a.m. · 4 views

Microsoft Authentication Library Race Condition Vulnerability

Microsoft Authentication Library (MSAL) is an authentication library from Microsoft Corporation. A race condition vulnerability exists in Microsoft Authentication Library. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected:...

CVSS: 5.5 · AI score: 6.9 · EPSS: 0.00788
Exploits: 0 · References: 5
vulnersOsv
added 2024/06/04 12:31 p.m. · 11 views

aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +116 more potentially affected by CVE-2024-37063 via ydata-profiling (>=4.0.0 <=4.7.0)

ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37063 Source advisory: OSV:GHSA-2R57-2MRH-GGJV...

CVSS: 7.8 · AI score: 5.5 · EPSS: 0.00321
Exploits: 0
NVD
added 2024/06/04 12:15 p.m. · 17 views

CVE-2024-37065

Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded...

CVSS: 7.8 · AI score: 7.7 · EPSS: 0.00239
Exploits: 0 · References: 1
BDU FSTEC
added 2024/05/27 12:00 a.m. · 3 views

The vulnerability of the RSA Key Exchange Handler component in the Python m2crypto encryption and SSL tools allows a perpetrator to disclose confidential data.

The vulnerability of the RSA Key Exchange Handler component in encryption and SSL tools for Python’s m2crypto library is related to the decoding of captured messages on TLS servers that use RSA key exchange. Exploiting this vulnerability can allow a remote attacker to disclose confidential data...

CVSS: 7.8 · AI score: 7.2 · EPSS: 0.01124
Exploits: 0 · References: 5 · Affected Software: 2
Github Security Blog
added 2024/05/21 9:30 p.m. · 23 views

NASA AIT-Core vulnerable to remote code execution

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...

CVSS: 7.5 · AI score: 7.8 · EPSS: 0.00449
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2024/05/21 7:15 p.m. · 14 views

CVE-2024-35060

An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00472
Exploits: 1 · References: 2
Vulnrichment
added 2024/05/21 12:00 a.m. · 18 views

CVE-2024-35059

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...

AI score: 7.1 · EPSS: 0.00449
Exploits: 1 · References: 2
Cvelist
added 2024/05/21 12:00 a.m. · 19 views

CVE-2024-35059

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...

AI score: 7 · EPSS: 0.00449
Exploits: 1 · References: 2
CVE
added 2024/05/21 12:00 a.m. · 70 views

CVE-2024-35059

CVE-2024-35059 affects NASA AIT-Core v2.5.2 and its Pickle-based processing. Red Hat entries describe an unencrypted network channel enabling a man-in-the-middle, which when chained with CVE-2024-35059 results in unauthenticated, fully remote code execution. The core issue is the use of Pickle wi...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00449
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/05/21 12:00 a.m. · 17 views

CVE-2024-35060

An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...

AI score: 7.7 · EPSS: 0.00472
Exploits: 1 · References: 2
Positive Technologies
added 2024/05/17 12:00 a.m. · 4 views

PT-2024-40080 · Php-Jwt +4

Name of the Vulnerable Software and Affected Versions: node-jsonwebtoken affected versions not specified pyjwt affected versions not specified namshi/jose affected versions not specified php-jwt affected versions not specified jsjwt affected versions not specified Description: The issue affects...

AI score: 7.3
Exploits: 0 · References: 5
CNNVD
added 2024/05/05 12:00 a.m. · 4 views

CVE number withdrawn

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. This CVE number has been withdrawn...

AI score: 7.5
Exploits: 2 · References: 3
CNNVD
added 2024/05/03 12:00 a.m. · 3 views

tqdm security vulnerability

tqdm is a fast, extensible progress bar for Python and the CLI from the tqdm open-source project. A security vulnerability exists in versions of tqdm prior to 4.66.3, which stems from the fact that any optional non-Boolean CLI arguments can be passed through Python's eval, allowing arbitrary code executi...

CVSS: 4.8 · AI score: 6.8 · EPSS: 0.00432
Exploits: 0 · References: 5
RedHat Linux
added 2024/04/30 9:56 a.m. · 3 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 changes the method of a request from one that could accept a request body, such as POST, to GET, as is required by HTTP...

CVSS: 4.2 · AI score: 7.2 · EPSS: 0.00544
Exploits: 0 · References: 7
Tenable Nessus
added 2024/04/29 12:00 a.m. · 22 views

SAP BTP Python Library sap-xssec < 4.1.0 Privilege Escalation

The detected version of the SAP BTP Python package, sap-xssec, is prior to version 4.1.0. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested for...

CVSS: 9.8 · AI score: 8.6 · EPSS: 0.01109
Exploits: 0 · References: 2