python-aiohttp: http request smuggling
An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...
ROS-20240412-04
A vulnerability in Salt's configuration management and remote execution system is related to copying a script along a predictable path. Exploitation of the vulnerability could allow an attacker, acting remotely, to run their own script. A vulnerability in the symbolic.py component of the Pytho...
gradio path traversal vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. A path traversal vulnerability exists in gradio that stems from incorrect validation of user-supplied input...
redhat-support-lib-python and redhat-support-tool bug fix and enhancement update
An update is available for redhat-support-tool, redhat-support-lib-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The redhat-support-tool utility...
The vulnerability of the netref component in the RPyC Python library, allowing a hacker to execute arbitrary code
The vulnerability of the netref component in the RPyC Python library is related to improper security checks for standard elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Debian dsa-5652 : python-py7zr-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5652 advisory. - A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via...
Gradio security vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a security vulnerability that stems from a password checking condition that is susceptible to a timing attack to guess passwords...
Gradio command injection vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a command injection vulnerability that stems from the fact that injection via command can lead to information disclosure...
CLSA-2024-1711491407 python: Fix of CVE-2023-27043
CVE-2023-27043: reject malformed addresses in email.parseaddr...
CVE-2024-29189
PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/productinstance.py, upon calling this method startprogram directly, users could exploit its usage to perform malicious operations on the current...
Gradio cross-site request forgery vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a cross-site request forgery vulnerability that stems from vulnerability to cross-site request forgery attacks...
RPyC Security Vulnerabilities
RPyC is a symmetric RPC (Remote Procedure Call) library for Python. A security vulnerability exists in RPyC versions prior to 6.0.0 that stems from a remote code execution vulnerability when using numpy.array on the server side...
[SECURITY] Fedora 40 Update: python-javaobj-0.4.3-12.fc40
python-javaobj is a Python library that provides functions for reading and writing (writing is WIP currently) Java objects serialized or to be deserialized by ObjectOutputStream. This form of object representation is a standard data interchange format in the Java world...
PT-2024-2537 · Rpyc +1 · Rpyc +1
Name of the Vulnerable Software and Affected Versions: RPyC versions prior to 6.0.0 Description: The issue is related to the netref component of the RPyC Python library, which has an incorrect security check for standard elements. This can allow a remote attacker to execute arbitrary code by...
acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +154 more potentially affected by CVE-2024-27319 via onnx (>=0.2.0 <=1.15.0)
onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.0.0, =1.0.45, =1.44.0, =1.55.0 and more Source cves: CVE-2024-27319 Source advisory: OSV:PYSEC-2024-223...
AZL-43006 CVE-2023-6681 affecting package python-jwcrypto 0.6.0-9
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...
agsekit (>=0.0.1 <=1.7.1), ansible (>=8.0.0 <=8.7.0) +19 more potentially affected by CVE-2024-0690 via ansible-core (>=2.15.0 <=2.15.6)
ansible-core PYPI version =2.15.0, =0.0.1, =8.0.0, =2.1.0, =1.1.7, =1.5.28, =0.0.6, =0.1.0, =3.7.4, =0.1.0, =15.0.0, =0.2.0, =0.1.0, =0.1.6 and more Source cves: CVE-2024-0690 Source advisory: OSV:PYSEC-2024-36...
python-urllib3: Cookie request header isn't stripped during cross-origin redirects
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42773 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)
aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23334 Source advisory: OSV:PYSEC-2024-24...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42782 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23829 Source advisory: OSV:GHSA-8QPW-XQXJ-H4R2...