
1495 matches found

vulnersOsv
added 2024/02/02 5:15 a.m. | views: 1

arbitragelab (>=0.9.1 <=1.0.0), buzzword (>=1.2.1 <=1.2.3) +92 more potentially affected by CVE-2024-21485 via dash (>=0.21.1 <=2.12.1)

dash PYPI version =0.21.1, =0.9.1, =1.2.1, =0.0.2a0, =0.0.1, =2020.5.21, =0.0.2, =0.0.2, =0.1.0, =0.1.3, =0.13.2, =3.0.0, =1.2.1, =0.0.107, =0.0.109 and more Source cves: CVE-2024-21485 Source advisory: OSV:PYSEC-2024-35...

CVSS 6.5 | AI score 6.3 | EPSS 0.00907
Exploits: 1

vulnersOsv
added 2024/01/24 1:15 p.m. | views: 3

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +234 more potentially affected by CVE-2023-50943 via apache-airflow (>=1.10.1 <=2.8.0)

apache-airflow PYPI version =1.10.1, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.5.1, =0.1.1, =0.1.1, =1.10.6 and more Source cves: CVE-2023-50943 Source advisory: OSV:PYSEC-2024-13...

CVSS 7.5 | AI score 7.1 | EPSS 0.00215
Exploits: 0

Tenable Nessus
added 2024/01/12 12:0 a.m. | views: 152

PyCryptodome < 3.19.1 Side Channel Leak

The version of PyCryptodome installed on the remote host is prior to 3.19.1. It is, therefore, affected by a vulnerability. - A side-channel leakage with OAEP decryption could be exploited to carry out a Manger attack. CVE-2023-52323 Note that Nessus has not tested for this issue but has instead...

CVSS 5.9 | AI score 6.9 | EPSS 0.00074
Exploits: 0 | References: 2

vulnersOsv
added 2024/01/05 9:21 p.m. | views: 1

airi-test-task (=0.1.0), dtaledesktop (>=0.0.1 <=0.1.3) +13 more potentially affected by CVE-2024-21642 via dtale (>=2.16.0 <=3.22.0)

dtale PYPI version =2.16.0, =0.0.1, =0.1.0, =0.0.0.35, =0.1.1, =0.0.14, =0.0.5, =0.0.10, =1.0.0, =0.3.3, =0.1.0, =0.1.5 Source cves: CVE-2024-21642 Source advisory: OSV:GHSA-7HFX-H3J3-RWQ4...

CVSS 7.5 | AI score 7.1 | EPSS 0.00407
Exploits: 0

vulnersOsv
added 2023/12/19 1:15 p.m. | views: 3

3m (=0.1.0), accord-nlp (>=0.1.0 <=0.1.8) +808 more potentially affected by CVE-2023-6730 via transformers (>=2.10.0 <=4.35.2)

transformers PYPI version =2.10.0, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.0.4, =0.0.4, =0.0.11, =0.0.13, =0.0.15, =1.2.3, =1.3.106 and more Source cves: CVE-2023-6730 Source advisory: OSV:PYSEC-2023-300...

CVSS 9 | AI score 7.2 | EPSS 0.00161
Exploits: 1

vulnersOsv
added 2023/12/19 3:30 a.m. | views: 1

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +337 more potentially affected by CVE-2023-6940 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 - apache-submarine =0.6.0 and more Source cves: CVE-2023-6940 Source advisory: OSV:GHSA-HVC6-42VF-JHF8...

CVSS 9 | AI score 7.2 | EPSS 0.00151
Exploits: 0

vulnersOsv
added 2023/12/13 8:15 p.m. | views: 1

2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-46247 via vyper (>=0.1.0b12 <=0.3.7)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-46247 Source advisory: OSV:PYSEC-2023-307...

CVSS 7.5 | AI score 7.1 | EPSS 0.00336
Exploits: 0

Hive Pro Threat Advisories
added 2023/11/10 6:46 a.m. | views: 35

BlazeStealer Malware Uncovered in Python Packages on PyPI

Threat Level Attack Report. Summary: The Python Package Index (PyPI) repository is infiltrated with a number of malicious Python packages. These packages masquerade as obfuscation tools; however, they harbor BlazeStealer malware, which initiates a...

AI score 6.9
Exploits: 0

vulnersOsv
added 2023/11/09 6:35 p.m. | views: 1

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.10 and more Source cves: CVE-2023-46446 Source advisory: OSV:GHSA-C35Q-FFPF-5QPM...

CVSS 6.8 | AI score 6.7 | EPSS 0.00388
Exploits: 0

The Hacker News
added 2023/11/08 2:19 p.m. | views: 55

Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including o...

AI score 7.8
Exploits: 0

The Hacker News
added 2023/11/08 12:57 p.m. | views: 41

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware...

AI score 7.8
Exploits: 0

Tenable Nessus
added 2023/11/07 12:0 a.m. | views: 33

Rocky Linux 8 : python27:2.7 (RLSA-2021:1761)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1761 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker control...

CVSS 9.8 | AI score 8.6 | EPSS 0.01246
Exploits: 3 | References: 10

vulnersOsv
added 2023/11/02 6:30 a.m. | views: 1

12bucks (=0.1.0), 2u-enterprise-data (=10.22.1) +1418 more potentially affected by CVE-2023-46695 via django (>=4.2.0 <=4.2.6)

django PYPI version =4.2.0, =0.7.0, =0.1.6a0, =0.1.0, =1.8.0, =0.1.0a0, =1.0.0, =2.0.0, =2.0.0, =0.0.9, =1.1.0, =0.0.1, =0.11.0 and more Source cves: CVE-2023-46695 Source advisory: OSV:GHSA-QMF9-6JQF-J8FQ...

CVSS 7.5 | AI score 7.1 | EPSS 0.03582
Exploits: 0

vulnersOsv
added 2023/10/25 9:15 p.m. | views: 1

adyanutils (>=0.4.0 <=0.8.6), apricot-server (>=0.0.6 <=0.1.1) +151 more potentially affected by CVE-2023-46137 via twisted (>=16.0.0 <=23.10.0)

twisted PYPI version =16.0.0, =0.4.0, =0.0.6, =0.2.0, =3.4.1, =1.5.0, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =1.0.0, =1.1.0 and more Source cves: CVE-2023-46137 Source advisory: OSV:PYSEC-2023-224...

CVSS 5.3 | AI score 6.4 | EPSS 0.0074
Exploits: 1

vulnersOsv
added 2023/10/25 6:17 p.m. | views: 0

a2grunnerp (>=0.1.0 <=0.1.8), a4t-sale-discount (=5.0.2) +2121 more potentially affected by CVE-2023-46136 via werkzeug (>=0.10.1 <=2.3.7)

werkzeug PYPI version =0.10.1, =0.1.0, =1.0.2, =0.10.3, =1.8.8, =0.8.44.4, =4.2.0, =0.4.0, =0.9.2, =0.1.0, =0.0.1, =0.0.4 - adminui =1.5.2 and more Source cves: CVE-2023-46136 Source advisory: OSV:PYSEC-2023-221...

CVSS 8 | AI score 6.9 | EPSS 0.00878
Exploits: 0

vulnersOsv
added 2023/10/19 7:15 p.m. | views: 1

aimmo (>=0.57.1 <=1.3.1b671), cfl-common (>=4.3.0 <=5.26.7) +116 more potentially affected by CVE-2023-45809 via wagtail (>=1.0.0 <=4.0.4)

wagtail PYPI version =1.0.0, =0.57.1, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =2.0.3, =0.1.1, =0.2.4, =5.22.3, =10.2.9 and more Source cves: CVE-2023-45809 Source advisory: OSV:PYSEC-2023-219...

CVSS 2.7 | AI score 5.8 | EPSS 0.00232
Exploits: 0

vulnersOsv
added 2023/10/04 5:15 p.m. | views: 0

aaronblaser-sdk (>=1.0.0 <=1.0.1), actoolkit (>=2.6.4 <=2.6.10) +272 more potentially affected by CVE-2023-43804 via urllib3 (>=2.0.0 <=2.0.5)

urllib3 PYPI version =2.0.0, =1.0.0, =2.6.4, =0.0.1, =0.1.1, =0.5.0, =0.1.23, =0.4.3, =0.4.1, =0.0.12, =0.0.14 and more Source cves: CVE-2023-43804 Source advisory: OSV:PYSEC-2023-192...

CVSS 8.1 | AI score 6.7 | EPSS 0.0095
Exploits: 0

vulnersOsv
added 2023/10/04 5:15 p.m. | views: 0

0lever-utils (>=0.0.2 <=0.0.7), 2keys (=0.5.1) +4804 more potentially affected by CVE-2023-43804 via urllib3 (>=1.10.2 <=1.26.16)

urllib3 PYPI version =1.10.2, =0.0.2, =0.0.2, =0.1.0, =0.1.0, =0.2.0rc1, =1.0.2, =0.3.4, =0.4.6, =0.1.0, =0.5.6, =0.5.6.dev1 - acapy-patched-old =0.5.6 and more Source cves: CVE-2023-43804 Source advisory: OSV:PYSEC-2023-192...

CVSS 8.1 | AI score 6.7 | EPSS 0.0095
Exploits: 0

vulnersOsv
added 2023/09/28 5:15 a.m. | views: 1

a9s (=0.7.0), algora-sdk (>=1.3.2 <=1.5.39) +76 more potentially affected by CVE-2023-26145 via pydash (>=4.2.1 <=5.1.2)

pydash PYPI version =4.2.1, =1.3.2, =0.1.0, =1.9.0, =0.2.6, =0.1.0, =1.0.1, =0.1.0b1, =0.0.2, =0.0.2, =0.1.0b1, =1.0.1, =2020.7.8, =0.0.20, =0.1.0, =0.3.1 and more Source cves: CVE-2023-26145 Source advisory: OSV:PYSEC-2023-179...

CVSS 8.1 | AI score 7.2 | EPSS 0.01771
Exploits: 1

Tenable Nessus
added 2023/09/21 12:0 a.m. | views: 29

SUSE SLES15 Security Update : grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (SUSE-SU-2023:2783-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-2 advisory. - aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers an...

CVSS 9.1 | AI score 6.8 | EPSS 0.01575
Exploits: 3 | References: 29