[SECURITY] [DSA 5791-1] python-reportlab security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5791-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 13, 2024 https://www.debian.org/security/faq -...

PYSEC-2024-168

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...

CVE-2024-47833

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...

CVE-2024-47833 Session Cookie without Secure and HTTPOnly flags in taipy

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...

PYSEC-2024-109

DeepSpeed Remote Code Execution Vulnerability...

CLSA-2024-1728071619 python: Fix of 2 CVEs

CVE-2024-7592: fix algorithm with quadratic complexity to avoid using excess CPU resources while parsing the cookie value - CVE-2024-6232: fix regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing and was vulnerable to ReDoS via specifically-crafted tar...

Google AI Platform (VertexAI SDK) Detection

A Google AI Platform Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208126; scriptversion"1.5";...

Tensorflow-hub Detection

A Tensorflow-hub Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208141; scriptversion"1.6";...

NVIDIA TensorRT Detection

The Open Source Software OSS components of the NVIDIA TensorRT Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208130;...

Weights & Biases Detection

A Weights & Biases Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208133; scriptversion"1.6";...

AIM Detection

An AIM Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'xcompat.inc'; if description scriptid208127; scriptversion"1.5";...

H2O Module Detection

A H2O Python Module is installed on the remote host. H2O is an open source, in-memory, distributed, fast, and scalable machine learning and predictive analytics platform that allows you to build machine learning models on big data and provides easy productionalization of those models in an...

Strawberry GraphQL 跨站请求伪造漏洞

Strawberry GraphQL is a Python GraphQL library utilizing type annotations in the Strawberry GraphQL open source. A cross-site request forgery vulnerability exists in Strawberry GraphQL versions prior to 0.243.0, which stems from vulnerability to cross-site request forgery CSRF attacks...

The vulnerability of the Py_FindObjects() function in the Python programming language library, which is open-source and part of the scipy library, allows a hacker to trigger a denial-of-service attack.

The vulnerability of the PyFindObjects function in the Python programming language library, which is open-source and part of scipy, stems from the lack of memory release after its effective lifespan. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the Py_FindObjects() function in the Python programming language library, which is open-source and part of scipy, allows a attacker to compromise the confidentiality, integrity, and accessibility of the system.

The vulnerability of the PyFindObjects function in the Python programming language library, which is open-source and part of scipy, relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and accessibility ...

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

CLSA-2024-1726058763 python3: Fix of CVE-2024-6923

CVE-2024-6923: encode newlines in headers, verify headers are well-formed...

LangChain Experimental Python Library <= 0.0.14 (CVE-2023-44467)

LangChain is a framework for developing applications powered by large language models. langchainexperimental aka LangChain Experimental in LangChain = 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by...

Jupyter Notebook Python Library 7.0.0 < 7.2.2 (CVE-2024-43805)

Jupyter Notebook is an extensible environment for interactive and reproducible computing. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked...

Jupyterlab Python Library < 3.6.8 / 4.0 < 4.2.5 (CVE-2024-43805)

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...