
438 matches found

AlmaLinux
added 2022/11/08 12:0 a.m. | 40 views

Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8 | AI score 7.9 | EPSS 0.06705
Exploits: 1 | References: 4

OSV
added 2022/11/04 12:0 a.m. | 38 views

DLA-3177-1 python-django - security update

Bulletin has no description...

CVSS 9.8 | AI score 8.7 | EPSS 0.18398
Exploits: 3

OSV
added 2022/10/17 11:8 a.m. | 7 views

SUSE-SU-2022:3512-2 Security update for python

This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // bsc1202624...

CVSS 7.4 | AI score 7.5 | EPSS 0.0199
Exploits: 0 | References: 3

OSV
added 2022/10/17 11:7 a.m. | 6 views

SUSE-SU-2022:3512-1 Security update for python

This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // bsc1202624...

CVSS 7.4 | AI score 7.5 | EPSS 0.0199
Exploits: 0 | References: 3

Securelist
added 2022/08/16 12:0 p.m. | 39 views

Two more malicious Python packages in the PyPI

On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers. The malicious packages were intended to steal developers' personal data and credentials. Following this research, we used our...

AI score 7.4
Exploits: 0

OSV
added 2022/07/04 6:51 a.m. | 5 views

SUSE-SU-2022:2248-1 Security update for python

This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module bsc1198511...

CVSS 8 | AI score 8 | EPSS 0.06705
Exploits: 1 | References: 3

CNVD
added 2022/05/05 12:0 a.m. | 30 views

JetBrains PyCharm has an unspecified vulnerability

JetBrains PyCharm is an integrated development environment (IDE) for the Python language from Czech company JetBrains. A security vulnerability exists in versions prior to JetBrains PyCharm 2022.1, which stems from exposing the debugger port to the internal network, no details of the vulnerability ar...

CVSS 3.5 | AI score 3.1 | EPSS 0.00382
Exploits: 0 | References: 1

OSV
added 2022/05/02 2:48 p.m. | 7 views

SUSE-SU-2022:1485-1 Security update for python39

This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip bsc1186819. - Update to 3.9.10 jscSLE-23849 - Remove shebangs from python-base libraries in libdir. bsc1193179 - Update to 3.9.9: Core and Builtins + bpo-30570: Fixed...

CVSS 7.5 | AI score 7.8 | EPSS 0.11586
Exploits: 4 | References: 9

CNVD
added 2022/03/04 12:0 a.m. | 25 views

Twisted has unspecified vulnerabilities

Twisted is an event-driven open source network engine written in Python. Twisted has security vulnerabilities, and no details of the vulnerabilities are currently available...

CVSS 7.5 | AI score 2.1 | EPSS 0.03608
Exploits: 1 | References: 1

vulnersOsv
added 2022/03/03 9:15 p.m. | 5 views

adyanutils (>=0.4.0 <=0.8.6), ayugespidertools (>=3.4.1 <=3.9.5) +53 more potentially affected by CVE-2022-21716 via twisted (>=21.7.0 <=22.1.0)

twisted PYPI version =21.7.0, =0.4.0, =3.4.1, =1.6.0, =0.2.0, =3.9.2, =0.1.0.dev2, =21.0.0, =1.1.2.post3, =0.1.0, =0.4.0, =0.7.2, =1.0.0, =1.0.0, =2.0.5 and more Source cves: CVE-2022-21716 Source advisory: OSV:PYSEC-2022-160...

CVSS 7.5 | AI score 7.1 | EPSS 0.03608
Exploits: 1

vulnersOsv
added 2022/02/04 11:15 p.m. | 7 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23577 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23577 Source advisory: OSV:PYSEC-2022-141...

CVSS 6.5 | AI score 6.5 | EPSS 0.00771
Exploits: 1

ThreatPost
added 2021/12/13 6:46 p.m. | 376 views

Malicious PyPI Code Packages Rack Up Thousands of Downloads

Three malicious packages hosted in the Python Package Index PyPI code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into installations in various applications. Independent researcher Andrew Scott found the packages during a nearly...

AI score 9.4
Exploits: 0 | References: 6

OSV
added 2021/11/05 12:0 a.m. | 54 views

DLA-2808-1 python3.5 - security update

Bulletin has no description...

CVSS 7.5 | AI score 7 | EPSS 0.11586
Exploits: 2

OSV
added 2021/10/31 3:7 p.m. | 5 views

OPENSUSE-SU-2021:1418-1 Security update for python

This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in urllib.request. bsc1189287 This update was imported from the SUSE:SLE-15:Update update project...

CVSS 7.5 | AI score 7 | EPSS 0.11586
Exploits: 2 | References: 5

vulnersOsv
added 2021/09/20 6:15 p.m. | 3 views

chellow (=2531.0.0), cyclonefw (>=0.0.1 <=1.0.18) +16 more potentially affected by CVE-2021-32838 via flask-restx (>=0.1.0 <=0.5.0)

flask-restx PYPI version =0.1.0, =0.0.1, =0.5.3, =0.0.2, =0.16.0, =3.1.60, =1.1.4, =1.0.2, =0.3.0, =0.0.2.3, =1.0.3, =0.0.8, =0.0.12 and more Source cves: CVE-2021-32838 Source advisory: OSV:PYSEC-2021-325...

CVSS 7.5 | AI score 7.1 | EPSS 0.01804
Exploits: 0

OpenVAS
added 2021/09/12 12:0 a.m. | 30 views

Python < 2.7.17, 3.x < 3.5.8, 3.6.x < 3.6.10, 3.7.x < 3.7.5 XSS Vulnerability (bpo-38243) - Mac OS X

Python is prone to a reflected cross-site scripting (XSS) vulnerability...

CVSS 6.1 | AI score 6.9 | EPSS 0.04653
Exploits: 1 | References: 2

vulnersOsv
added 2021/08/13 12:15 a.m. | 5 views

accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (>=1.2.0 <=1.6.0) +110 more potentially affected by CVE-2021-37690 via tensorflow (>=2.3.0 <=2.3.2)

tensorflow PYPI version =2.3.0, =1.0.62, =1.2.0, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2021-37690 Source advisory: OSV:PYSEC-2021-312...

CVSS 6.6 | AI score 5.9 | EPSS 0.00163
Exploits: 0

vulnersOsv
added 2021/08/12 11:15 p.m. | 4 views

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +95 more potentially affected by CVE-2021-37685 via tensorflow (>=2.4.0 <=2.4.2)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.7.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.7.4 and more Source cves: CVE-2021-37685 Source advisory: OSV:PYSEC-2021-307...

CVSS 5.5 | AI score 5.5 | EPSS 0.00172
Exploits: 0

vulnersOsv
added 2021/08/12 10:15 p.m. | 4 views

c4v-py (>=0.1.0.dev1 <=0.1.0.dev202107081840) potentially affected by CVE-2021-37688 via tensorflow-cpu (=2.3.1)

tensorflow-cpu PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - c4v-py =0.1.0.dev1, =0.1.0.dev202107081840 Source cves: CVE-2021-37688 Source advisory: OSV:PYSEC-2021-601...

CVSS 7.8 | AI score 5.8 | EPSS 0.00165
Exploits: 0

vulnersOsv
added 2021/08/12 10:15 p.m. | 4 views

complaintclassify (=0.0.9) potentially affected by CVE-2021-37666 via tensorflow-cpu (=2.4.0)

tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-37666 Source advisory: OSV:PYSEC-2021-579...

CVSS 7.8 | AI score 6.4 | EPSS 0.00173
Exploits: 0