5624 matches found
PYSEC-2024-166
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records extras.viewdynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ t...
PYSEC-2024-237
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if the...
PYSEC-2024-208
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...
PYSEC-2024-288
Cross-site Scripting XSS - Stored in mindsdb/mindsdb...
PYSEC-2024-234
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing...
PYSEC-2024-47
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...
PYSEC-2024-40
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
PYSEC-2024-36
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLENOLOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive...
PYSEC-2024-127
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...
PYSEC-2024-27
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
PYSEC-2024-12
LlamaIndex aka llamaindex through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...
PYSEC-2024-129
FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...
PYSEC-2024-146
PaddlePaddle before 2.6.0 has a command injection in convertshapecompare. This resulted in the ability to execute arbitrary commands on the operating system...
PYSEC-2024-134
Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...
PYSEC-2023-271
Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...
PYSEC-2023-261
SAPBTPSecurity Services Integration Library Pythonsap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
PYSEC-2023-272
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...
PYSEC-2023-288
The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...
PYSEC-2023-243
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
PYSEC-2023-229
ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...
PYSEC-2023-172
The Create Single Payment application of SAP S/4HANA- versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment.When clicked on the XML file in the attachment section, the file gets opened in the browser to cause theentity loops to slow down...
PYSEC-2023-168
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
PYSEC-2023-154
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
PYSEC-2023-312
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
PYSEC-2023-111
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
PYSEC-2023-94
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...
PYSEC-2023-91
Langchain 0.0.171 is vulnerable to Arbitrary Code Execution...
PYSEC-2023-75
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL...
PYSEC-2023-273
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior,the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlled...
PYSEC-2023-87
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service DoS. This...
PYSEC-2023-53
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...
PYSEC-2023-24
Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input...
PYSEC-2023-23
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...
PYSEC-2023-49
Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...
PYSEC-2023-51
ubireaderextractfiles is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory provided the process has write access to that file or directory. This is due to the fact that a node name...
PYSEC-2023-6
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3...
PYSEC-2023-30
Cross-site Scripting XSS - Stored in GitHub repository modoboa/modoboa prior to 2.0.4...
PYSEC-2022-43093
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43090
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-288
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
PYSEC-2022-280
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...
PYSEC-2022-43119
The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
PYSEC-2022-261
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...
PYSEC-2022-263
In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation...
PYSEC-2022-257
NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity...
PYSEC-2022-243
untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...
PYSEC-2022-43143
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...
PYSEC-2022-213
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
PYSEC-2022-217
The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
PYSEC-2022-43154
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm...