288 matches found
CBL Mariner 2.0 Security Update: python3 (CVE-2024-9287)
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9287 advisory. - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a...
Virtual environment (venv) activation scripts don't quote paths
...
Medium: python3.11
Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...
Privilege escalation from writing file into temporary directory to arbitrary code execution
Description The MLFlow temporary directory gets assigned insecure world-writable permissions 0o777. def getorcreatetmpdir: """ Get or create a temporary directory which will be removed once python process exit. """ from mlflow.utils.databricksutils import getreplid, isindatabricksruntime if...
Granular sudo Permissions for Veeam Plug-in for Proxmox VE
Purpose This article provides an example granular 'sudoers' configuration for the Linux account that will be used by Veeam Backup & Replication when managing a Proxmox VE host. Solution Critical Details Before You Begin Review all Considerations and Limitations in the user guide! Most noteworthy:...
Release Information for Proxmox Virtual Environment Plug-In v12.1.3.217
Update: 2025-03-19 Consider the following regarding the Proxmox Virtual Environment Plug-In: The Plug-in build on this page, 12.1.3.217, is included automatically when upgrading to or installing Veeam Backup & Replication 12.3.1. The Plug-in only needs to be manually deployed by customers still...
CLSA-2025-1740133056 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
CLSA-2025-1740132042 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
K000149756: Python vulnerability CVE-2024-9287
Security Advisory Description A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-1195)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted...
Azure Linux 3.0 Security Update: kernel (CVE-2024-39483)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39483 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: WARN on vNMI + NMI window iff...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1162)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1162)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted...
CVE-2024-21545
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handli...
BIT-PYTHON-MIN-2024-9287 Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
ROS-20250114-11
The vulnerability of the Python virtualenv virtual environment constructor activation scripts is related to the failure to take steps to neutralize special elements used by the operating system command. measures to neutralize special elements used in the operating system command. Exploitation...
RHEL 9 : python3.11 (RHSA-2025:0280)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0280 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
Moderate: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Security update for python312
This update for python312 fixes the following issues: Properly quote path names provided when creating a virtual environment bsc1232241, CVE-2024-9287 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:0048-1 Security update for python312
This update for python312 fixes the following issues: - Properly quote path names provided when creating a virtual environment bsc1232241, CVE-2024-9287...