MGASA-2023-0140 Updated python-certifi packages fix security vulnerability
Disable bundled Trustcor root certificate signatures generated after Wednesday November 30 00:00:00 2022. CVE-2022-23491...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2023-0008)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by multiple vulnerabilities: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...
aws-syndicate (>=0.9.2 <=1.9.4), bcipy (>=1.1.1 <=1.4.2) +40 more potentially affected by CVE-2023-26112 via configobj (>=5.0.0 <=5.0.8)
configobj PYPI version =5.0.0, =0.9.2, =1.1.1, =0.4.1, =1.0.0, =1.0.0, =1.7.0, =0.0.2, =0.1.5, =0.1.2, =0.0.26, =0.1.0, =2.1.0, =0.1.5, =0.1.14, =2018.4.2.1 and more Source cves: CVE-2023-26112 Source advisory: OSV:GHSA-C33W-24P9-8M24...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +606 more potentially affected by CVE-2023-25661 via tensorflow (>=1.0.1 <=2.11.0rc2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25661 Source advisory: OSV:GHSA-FXGC-95XX-GRVQ...
ad-sdl-wei (>=0.5.1 <=0.5.4), addok (>=1.1.0 <=1.1.0rc2) +94 more potentially affected by CVE-2023-28858 via redis (>=4.2.0 <=4.3.5)
redis PYPI version =4.2.0, =0.5.1, =1.1.0, =22.5.13, =0.1.1, =0.5.0, =3.2.0, =1.0.0, =0.5.0, =0.1.0, =2.0.3, =0.1.2, =0.1.15 - croudtech-python-aws-app-config =1.1.13 and more Source cves: CVE-2023-28858 Source advisory: OSV:GHSA-24WV-MV5M-XV4H...
an-website (>=22.12.28 <=23.2.6), anoteai (>=0.10.0 <=0.20.0) +26 more potentially affected by CVE-2023-28858 via redis (>=4.4.0 <=4.4.2)
redis PYPI version =4.4.0, =22.12.28, =0.10.0, =0.8.2, =0.1.17, =0.0.10, =1.8.1, =0.5.0rc1, =0.0.122, =0.104.0rc1, =0.7.2, =0.31.0, =1.0.2, =1.1.1 - lemur =1.3.1 and more Source cves: CVE-2023-28858 Source advisory: OSV:PYSEC-2023-45...
ad-sdl-wei (>=0.5.1 <=0.5.4), addok (>=1.1.0 <=1.1.0rc2) +143 more potentially affected by CVE-2023-28859 via redis (>=4.2.0 <=4.4.3)
redis PYPI version =4.2.0, =0.5.1, =1.1.0, =1.2.0a20250730, =2.2.1, =22.5.13, =0.1.1, =0.10.0, =0.2.0, =0.5.0, =22.6.0b4, =22.6.0b4, =22.6.0b4, =22.9.5, =23.3.2 and more Source cves: CVE-2023-28859 Source advisory: OSV:PYSEC-2023-46...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +606 more potentially affected by CVE-2023-25801 via tensorflow (>=1.0.1 <=2.11.0rc2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25801 Source advisory: OSV:GHSA-F49C-87JH-G47Q...
Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and...
Malicious code in libguigrandmc (PyPI)
Source: checkmarx 6aecdbe6b089ffe59ba97add73503b78ab4c6dc432a5b733ed03687c146effbf EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqccstringmask (PyPI)
Source: checkmarx ad3667ef6b7620604468e627b774f2339b75086dc8eb705cbaaa95acd784e178 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqcvinfogrand (PyPI)
Source: checkmarx c820bd971cc018caa572c8d3e5fbc4c800609499f10309c461ecf7dbc6d3f315 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-paypalinfopip (PyPI)
Source: checkmarx d00980074e219dc11140953e97dbbf1b8f13c4d6efc450d19cfccfd12c8848b2 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfhydrastudycc (PyPI)
Source: checkmarx 5dc2e2dddc8d4486e55f7c130ba6fd3d65a25aa9af3d922742d15fc493654c3d EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in tpintelpullcpu (PyPI)
Source: checkmarx aa5aa0d7db3d4fbdeb8813876a47fb05270e4b0d1e3b83b994a2caf8be6b0aa2 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-infohydrarandom (PyPI)
Source: checkmarx 8b33f80b0693f39c98c339be819a9518bedd56077b20c5e5ac8b71e703de101c EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in tpstringcraftget (PyPI)
Source: checkmarx bc163c941740b32b40f2df1e19d56519e11ad614608a221cba6f58f5a8150cc5 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqmasksplitpush (PyPI)
Source: checkmarx 371a75bbb9117312cbc2dfb41f4c02a5e1378b7ca3d109a59401cc2d79619da0 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in libcontrolhttpstr (PyPI)
Source: checkmarx ec54d33b4978cf8aeb5ed3e67dbc5b622f0765d0812587bb826940a7ea1aa67f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfstrresuper (PyPI)
Source: checkmarx 49803565eb7930c1be012ba3459247ea4b14d432a6e16c4ba5917e4e2f697856 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...