807 matches found

RedHat Linux
added 2024/01/25 11:05 a.m. · 2 views

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header specially or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

CVSS 8.1 · AI score 6.8 · EPSS 0.01207
Exploits 0 · References 4

Ubuntu
added 2024/01/23 1:39 p.m. · 60 views

USN-6595-1: PyCryptodome vulnerability

It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information...

CVSS 5.9 · AI score 7.1 · EPSS 0.00618
Exploits 0

CNNVD
added 2024/01/22 12:00 a.m. · 12 views

ecdsa Security Vulnerabilities

python-ecdsa is a signature verification plugin for Python. A security vulnerability exists in ecdsa 0.18.0 and earlier versions, which stems from vulnerability to Minerva attacks...

CVSS 7.4 · AI score 6.7 · EPSS 0.00985
Exploits 1 · References 7

RedHat Linux
added 2024/01/16 2:36 p.m. · 28 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.8 · AI score 7.3 · EPSS 0.00211
Exploits 0 · References 2

RedHat Linux
added 2024/01/16 2:33 p.m. · 34 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.8 · AI score 7.3 · EPSS 0.00211
Exploits 0 · References 4

OSV
added 2024/01/12 5:21 p.m. · 2 views

CLSA-2024-1705080095 python: Fix of CVE-2023-40217

CVE-2023-40217: Fix TLS handshake bypass...

CVSS 5.3 · AI score 6.8 · EPSS 0.0079
Exploits 0 · References 1

CNNVD
added 2024/01/10 12:00 a.m. · 5 views

fontTools Code Issue Vulnerability

fontTools is a library written in Python for manipulating fonts. A code issue vulnerability exists in fontTools versions prior to 4.43.0. An attacker can exploit this vulnerability to run arbitrary files from fontTools' filesystem...

CVSS 7.5 · AI score 7.1 · EPSS 0.01228
Exploits 1 · References 5

Fedora
added 2024/01/08 1:34 a.m. · 37 views

[SECURITY] Fedora 38 Update: python-pysqueezebox-0.5.5-11.fc38

Python library to control a Logitech Media Server asynchronously...

CVSS 7.2 · AI score 7.2 · EPSS 0.0094
Exploits 2

CNNVD
added 2023/12/14 12:00 a.m. · 5 views

Gradio Command Injection Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a command injection vulnerability that stems from the application exposing sensitive information to unauthorized participants...

CVSS 9.6 · AI score 7.3 · EPSS 0.0171
Exploits 1 · References 3

ATTACKERKB
added 2023/12/12 2:15 a.m. · 0 views

CVE-2023-50423

SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

CVSS 9.8 · AI score 7.4 · EPSS 0.01109
Exploits 0 · References 7 · Affected Software 1

PyPA
added 2023/12/12 2:15 a.m. · 7 views

PYSEC-2023-261

SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

CVSS 9.8 · AI score 7.5 · EPSS 0.01109
Exploits 0 · References 6 · Affected Software 1

Vulnrichment
added 2023/12/12 1:52 a.m. · 0 views

CVE-2023-50423 Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)

SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...

CVSS 9.1 · AI score 5.5 · EPSS 0.01109
Exploits 0 · References 6

vulnersOsv
added 2023/12/07 5:15 a.m. · 3 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6568 via mlflow (>=0.8.2 <=2.9.0)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more. Source cves: CVE-2023-6568. Source advisory: OSV:PYSEC-2023-260...

CVSS 6.5 · AI score 6.5 · EPSS 0.01649
Exploits 1

Positive Technologies
added 2023/12/05 12:00 a.m. · 4 views

PT-2023-31157 · Google · Google-Api-Python-Client

Name of the Vulnerable Software and Affected Versions: PyDrive2 versions prior to 1.16.2. Description: PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously...

CVSS 7.8 · AI score 7.7 · EPSS 0.0051
Exploits 1 · References 18

Fedora
added 2023/11/26 1:56 a.m. · 20 views

[SECURITY] Fedora 39 Update: python-asyncssh-2.14.1-1.fc39

Python 3 library for asynchronous client and server-side SSH communication. It uses the Python asyncio module and implements many SSH protocol features such as the various channels, SFTP, SCP, forwarding, session multiplexing over a connection and more...

CVSS 6.8 · AI score 7 · EPSS 0.00867
Exploits 0

RedHat Linux
added 2023/11/21 3:34 p.m. · 9 views

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header specially or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

CVSS 8.1 · AI score 6.8 · EPSS 0.01207
Exploits 0 · References 4

CNNVD
added 2023/11/10 12:00 a.m. · 2 views

Remarshal Security Vulnerability

Remarshal is a Python library from the Remarshal Project. A security vulnerability exists in Remarshal versions prior to v0.17.1, which stems from a denial of service (DoS) when processing untrusted YAML files...

CVSS 7.5 · AI score 6.6 · EPSS 0.00962
Exploits 0 · References 5

Tenable Nessus
added 2023/11/07 12:00 a.m. · 35 views

Rocky Linux 8 : python27:2.7 (RLSA-2019:3335)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3335 advisory. - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236) - The...

CVSS 9.8 · AI score 7.8 · EPSS 0.17078
Exploits 6 · References 18

vulnersOsv
added 2023/10/25 9:15 p.m. · 4 views

adyanutils (>=0.4.0 <=0.8.6), apricot-server (>=0.0.6 <=0.1.1) +109 more potentially affected by CVE-2023-46137 via twisted (>=20.3.0 <=23.10.0)

twisted PYPI version =20.3.0, =0.4.0, =0.0.6, =0.2.0, =3.4.1, =1.5.0, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =1.0.0, =0.1.0.dev2, =0.3.4, =1.0.1 and more. Source cves: CVE-2023-46137. Source advisory: OSV:PYSEC-2023-224...

CVSS 5.3 · AI score 6.2 · EPSS 0.00766
Exploits 1

OSV
added 2023/10/19 6:38 p.m. · 3 views

CLSA-2023-1697740683 python3: Fix of CVE-2022-48560

CVE-2022-48560: fix possible crash in heapq with custom comparison operators...

CVSS 7.5 · AI score 6.9 · EPSS 0.0177
Exploits 1 · References 1
