58372 matches found
EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2025-2561)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third...
GHSA-H4PW-WXH7-4VJJ Duplicate Advisory: python-jose denial of service via compressed JWE content
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS...
EUVD-2024-26380
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
Duplicate Advisory: python-jose denial of service via compressed JWE content
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS...
EUVD-2025-203913
Malicious code in trondec PyPI...
PYSEC-2025-185
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
PYSEC-2025-185
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
DEBIAN-CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +168 more potentially affected by CVE-2024-29370 via python-jose (>=0.5.5 <=3.3.0)
python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-29370 Source advisory: OSV:PYSEC-2025-185...
UBUNTU-CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]
Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4517]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". CVE-2025-4517. Python is used in our speech service runtimes. This vulnerabilitiy...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4138]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. CVE-2025-4138. Python is us...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4330]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata CVE-2025-4330. Python is used i...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2024-12718]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python, due to issues with filter="data" or file permissions chmod with filter="tar" which allow modifying some metadata of files outside the extraction directory CVE-2024-12718. Python is used in our speech service...
Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-43804, CVE-2023-45803]
Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEsCVE-2023-43804, CVE-2023-45803 Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3...