CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

MLflow 安全漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible executions, and sharing and deploying models. Version 2.20.3 of MLFlow contains a security vulnerability. This vulnerability stems from...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-871)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-871 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2025:0048-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0048-1 advisory. - Properly quote path names provided when creating a virtual environment bsc1232241, CVE-2024-9287 Tenabl...