807 matches found
Design/Logic Flaw
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in...
PYSEC-2023-90
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in...
Exploit for Code Injection in Reportlab
CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY tl...
Exploit for OS Command Injection in Zyxel Atp100_Firmware
CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's ex...
The vulnerability of the ContentStream._readInlineImage function in the PDF processing library PyPDF2, which allows a hacker to trigger a service failure.
The vulnerability of the ContentStream.readInlineImage function in the PDF processing library PyPDF2 is related to an incorrect implementation of the exit condition from the loop. Exploiting this vulnerability allows a malicious actor to cause service failure by using a specially created PDF file...
Fedora: Security Advisory for python-cairosvg (FEDORA-2023-ab86bdbce6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2023-1678136626 python: Fix of CVE-2023-24329
CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...
[SECURITY] [DLA 3331-2] python-cryptography security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3331-2 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 27, 2023 https://wiki.debian.org/LTS -...
Malicious code in libpushhttpget (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 35c9d6a7fed6e993876def2d1dfeb1b9ebfb8a851937b88de185bbe84a9e67d6 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-libcccandy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f1d7cca77c2c5f6a1a5a19a16321ecd40dd87e161c9f932a0ea15da705db0099 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
CVE-2023-25823
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
CVE-2023-25823 Gradio contains Use of Hard-coded Credentials
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
CVE-2023-25823 Gradio contains Use of Hard-coded Credentials
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
Moodle 3.10.x < 3.10.8 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.11, 3.10.x prior to 3.10.8 or 3.11.x prior to 3.11.4. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution when restoring malformed backup files. CVE-2021-3943 - A vulnerable version of mlbackend...
Moodle 3.11.x < 3.11.4 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.11, 3.10.x prior to 3.10.8 or 3.11.x prior to 3.11.4. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution when restoring malformed backup files. CVE-2021-3943 - A vulnerable version of mlbackend...
Moodle 3.9.x < 3.9.11 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.11, 3.10.x prior to 3.10.8 or 3.11.x prior to 3.11.4. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution when restoring malformed backup files. CVE-2021-3943 - A vulnerable version of mlbackend...
Moodle 3.10.x < 3.10.11 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.14, 3.10.x prior to 3.10.11, 3.11.x prior to 3.11.7 or 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability in ID numbers displayed when bulk...
Moodle 3.11.x < 3.11.7 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.14, 3.10.x prior to 3.10.11, 3.11.x prior to 3.11.7 or 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability in ID numbers displayed when bulk...
Moodle 3.9.x < 3.9.14 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.14, 3.10.x prior to 3.10.11, 3.11.x prior to 3.11.7 or 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability in ID numbers displayed when bulk...
Moodle 4.0.x < 4.0.1 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.14, 3.10.x prior to 3.10.11, 3.11.x prior to 3.11.7 or 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability in ID numbers displayed when bulk...