CVE-2023-26052
CVE-2023-26052 affects Saleor, a headless GraphQL commerce platform. The issue is unauthenticated information disclosure caused by internal Python exceptions not being properly handled, which can leak sensitive infrastructure details via API error messages. Affected versions were fixed in 3.1.48,...
CVE-2023-26052 Saleor is vulnerable to unauthenticated information disclosure via Python exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some messages might contain sensitive information such as infrastructure details in unauthenticated...
CVE-2023-26051
Summary of CVE-2023-26051 (Saleor) : Saleor is vulnerable to information disclosure via unhandled internal Python exceptions that may be returned in API error messages. The leakage can reveal sensitive data such as user email addresses in staff-authenticated requests. This issue has been addresse...
CVE-2023-26051 Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and are therefore returned by the API as error messages. Some messages might contain sensitive information such as a user's email address in staff-authenticated...
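Both Saleor entries describe the same root cause: a resolver raises, the framework turns `str(exc)` into the GraphQL error message, and whatever the exception text contained (hostnames, usernames, e-mail addresses) reaches the caller. The following is an added illustration of that pattern and its fix, written for this listing; it is not Saleor's code. `fetch_order`, `ConnectionFailure` and the error strings are constructed stand-ins.

```python
import logging
import traceback
import uuid

log = logging.getLogger("api")


class ConnectionFailure(Exception):
    """Stand-in for an infrastructure error raised deep inside a resolver."""


def fetch_order(order_id: str) -> dict:
    # Constructed resolver: "bad" simulates a backend outage whose message names
    # internal hosts; a non-numeric id is an ordinary validation failure.
    if order_id == "bad":
        raise ConnectionFailure(
            "could not connect to postgres at db-internal.example.net:5432 (user=saleor)"
        )
    if not order_id.isdigit():
        raise ValueError("order id must be numeric")
    return {"id": int(order_id), "total": "12.00"}


def resolve_leaky(order_id: str) -> dict:
    """Vulnerable pattern: str(exc) of *any* exception becomes the API error text."""
    try:
        return {"data": fetch_order(order_id)}
    except Exception as exc:
        return {"errors": [{"message": str(exc)}]}


# Exceptions whose text is written for the client and is safe to echo back.
CLIENT_SAFE_ERRORS = (ValueError,)


def resolve_hardened(order_id: str) -> dict:
    """Hardened: expected errors pass through; everything else is logged server-side
    and replaced with an opaque reference the client can quote to support."""
    try:
        return {"data": fetch_order(order_id)}
    except CLIENT_SAFE_ERRORS as exc:
        return {"errors": [{"message": str(exc), "code": "INVALID_INPUT"}]}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.error("unhandled exception ref=%s\n%s", ref, traceback.format_exc())
        return {"errors": [{"message": f"Internal server error (ref {ref})", "code": "INTERNAL"}]}


def leaks_internal_details(response: dict) -> bool:
    """Crude canary check a test suite can run over API error responses."""
    canaries = ("db-internal", ":5432", "user=", "Traceback")
    return any(
        c in err.get("message", "")
        for err in response.get("errors", [])
        for c in canaries
    )
```

The important design choice is the explicit allowlist of exception types whose text may be shown; anything not on it gets a generic message plus a correlation id that is also written to the server log, so operators keep the detail and clients do not.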
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI
A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind...
USN-5821-3: pip regression
USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex...
Moderate: Red Hat Security Advisory: python3.9 security update
An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Osprey Pump Controller 1.0.1 eventFileSelected Command Injection Vulnerability
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts. Ospr...
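The Osprey advisory describes the classic shape of this bug: a file-name parameter from the query string is spliced into a shell command that reads a log file. The original scripts are PHP; the following is an added Python illustration of the same vulnerable pattern beside a hardened handler, written for this listing and not taken from the product. The log directory, file name and `event_file` parameter are constructed stand-ins for `eventFileSelected`.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Constructed log directory standing in for the controller's data-log folder.
LOG_DIR = Path(tempfile.mkdtemp()).resolve()
(LOG_DIR / "events-2023-03.log").write_text("event 1\nevent 2\n")


def view_log_vulnerable(event_file: str) -> str:
    """Vulnerable pattern: the request parameter is spliced into a shell command line.
    A value such as 'x.log; id' makes /bin/sh run 'id' after cat."""
    cmd = f"cat {LOG_DIR}/{event_file}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allowlist: plain file names only; no slashes, no shell metacharacters, no leading dot.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def view_log_hardened(event_file: str) -> str:
    """Hardened: validate against an allowlist, confine the resolved path to LOG_DIR,
    and never hand the value to a shell (argv list, with '--' so it cannot become an option)."""
    if not SAFE_NAME.fullmatch(event_file):
        raise ValueError("invalid file name")
    path = (LOG_DIR / event_file).resolve()
    if path.parent != LOG_DIR or not path.is_file():
        raise ValueError("no such log file")
    return subprocess.run(
        ["cat", "--", str(path)], capture_output=True, text=True, check=True
    ).stdout


def is_rejected(event_file: str) -> bool:
    """True if the hardened handler refuses the value."""
    try:
        view_log_hardened(event_file)
    except ValueError:
        return True
    return False
```

Three independent controls are layered: the allowlist regex rejects metacharacters and traversal, the `resolve()` comparison confines the path even if the allowlist were loosened later, and the argv form of `subprocess.run` means no shell ever parses the value.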
ALSA-2023:0952 Moderate: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897). For more details abo...
ALSA-2023:0953 Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2023:0549-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0549-1 advisory. - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path...
Ubuntu 20.04 ESM : Python vulnerabilities (USN-5888-1)
The remote Ubuntu 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5888-1 advisory. It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input...
Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Updated python-cryptography packages fix security vulnerability
Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as 'bytes' to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an...
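The discriminator the fix needs is whether the caller's buffer is writable, which the buffer protocol exposes as `memoryview(obj).readonly`. The following added example shows an `update_into(data, buf) -> int` style routine that checks that flag before writing; it is written for this listing, is not the python-cryptography implementation, and the XOR transform is a deliberately toy stand-in for a cipher so the buffer contract can be exercised without any dependency.

```python
def is_writable_buffer(obj) -> bool:
    """True only for objects exposing a *writable* buffer (bytearray, a memoryview of one,
    array.array, a writable numpy array). bytes, str and read-only views return False."""
    try:
        return not memoryview(obj).readonly
    except TypeError:  # does not support the buffer protocol at all
        return False


def xor_update_into(key: bytes, data: bytes, buf) -> int:
    """Toy in-place transform with the update_into(data, buf) -> int shape.
    XOR with a repeating key is NOT a cipher; it only demonstrates the buffer handling."""
    if not key:
        raise ValueError("empty key")
    view = memoryview(buf)
    if view.readonly:
        # Corrected behaviour: refuse instead of writing through the pointer.
        raise TypeError("buf must be a writable bytes-like object such as bytearray")
    view = view.cast("B")
    if len(view) < len(data):
        raise ValueError(f"buffer too small: need {len(data)}, have {len(view)}")
    for i, b in enumerate(data):
        view[i] = b ^ key[i % len(key)]
    return len(data)


def rejects_immutable(buf) -> bool:
    """True if xor_update_into refuses to write into buf."""
    try:
        xor_update_into(b"\x5a", b"x", buf)
    except TypeError:
        return True
    return False
```

Note that a `memoryview` over `bytes` still satisfies the buffer protocol, so "accepts the buffer protocol" is not the right test; `readonly` is. The `cast("B")` also guards against callers passing a buffer with a wider item size.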
Updated python-jupyterlab packages fix security vulnerability
Remote code execution, but requires user action to open a notebook. CVE-2021-32797, and other bug fixes...
Exploit for Improper Authentication in Fortinet Fortiproxy
CVE-2022-40684 One-click enumeration of all usernames and wr...
MAL-2023-3556 Malicious code in esqvisavirtualencode (PyPI)
Source: checkmarx b1a87a1f6ce044f202e6535031bfb769c0d3d4c45a46ec49f3e7855a016ed210. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5349 Malicious code in py-minemaskget (PyPI)
Source: checkmarx 4ce4f410ab6bbdec8e653634bbab47ca30e1905f3f10479579510035545c15d4. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5618 Malicious code in py-revisaram (PyPI)
Source: checkmarx 7f5dab19266685deb62ba7140a7a8cb4bb99ad3951cca4e00f8377eec3214db9. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
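The bypass works because, on an unpatched interpreter, a leading blank stops `urlsplit()` from recognising the scheme at all, so a blocklist keyed on `.scheme` sees an empty string and lets the URL through. The following added example (written for this listing, not CPython's code) shows the naive blocklist beside a check that applies the same leading-character stripping the fixed `urlsplit()` performs and then allowlists the scheme, so its verdict does not depend on which Python runs it. The scheme sets and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Characters the patched urlsplit() strips from the start of a URL
# (WHATWG "C0 control or space": U+0000 through U+0020).
C0_CONTROL_OR_SPACE = "".join(chr(i) for i in range(0x21))
# Tab, CR and LF are removed from anywhere in the URL as well.
UNSAFE_ANYWHERE = "\t\r\n"

BLOCKED_SCHEMES = {"file", "javascript", "data", "ftp", "gopher"}
ALLOWED_SCHEMES = {"http", "https"}


def naive_is_blocked(url: str) -> bool:
    """Blocklist on whatever urlsplit() reports as the scheme. On an unpatched
    interpreter ' file:///etc/passwd' parses with scheme '' and is not blocked."""
    return urlsplit(url).scheme.lower() in BLOCKED_SCHEMES


def normalize(url: str) -> str:
    """Apply the fixed urlsplit() stripping rules ourselves, so the decision below
    is the same on every interpreter version."""
    for ch in UNSAFE_ANYWHERE:
        url = url.replace(ch, "")
    return url.lstrip(C0_CONTROL_OR_SPACE)


def hardened_is_allowed(url: str) -> bool:
    """Allowlist, not blocklist: normalize first, then require an explicit http(s)
    scheme and a host. Anything that does not parse into that shape is rejected."""
    parts = urlsplit(normalize(url))
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.hostname)
```

Even with the normalization in place, the allowlist is what makes the check robust: a URL whose scheme the parser cannot identify fails the `in ALLOWED_SCHEMES` test instead of slipping past a blocklist.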
...