3743 matches found

PYSEC-2023-158 (PyPA, added 2023/08/23 4:15 p.m.)
The session fixation vulnerability allowed an authenticated user to continue accessing the Airflow webserver even after the user's password had been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend)...
CVSS 8 | AI score 6.8 | EPSS 0.01366 | Exploits 0 | References 5 | Affected software 1

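
Added example (not Airflow's code and not from this page) illustrating the fix the advisory above implies: a server-side session store that records when each session was issued and refuses any session older than the user's most recent password change, so an admin reset ends existing sessions without waiting for expiry or manually cleaning the session table. The `SessionStore`, `User` and `Session` types, the 12-hour TTL and the timestamps are assumptions constructed for the demonstration.

```python
# Added example, not Airflow's own code: tie session validity to the user's last
# password change so an admin reset ends existing sessions immediately instead of
# letting them live until the session TTL expires.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional
import secrets


@dataclass
class User:
    username: str
    password_changed_at: datetime  # bumped on admin reset or self-service change


@dataclass
class Session:
    token: str
    username: str
    issued_at: datetime
    expires_at: datetime


class SessionStore:
    """In-memory stand-in (assumption) for a server-side session backend."""

    def __init__(self, ttl: timedelta = timedelta(hours=12)) -> None:
        self._sessions: Dict[str, Session] = {}
        self._ttl = ttl

    def login(self, user: User, now: datetime) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(token, user.username, now, now + self._ttl)
        return token

    def lookup_vulnerable(self, token: str, now: datetime) -> Optional[str]:
        """Checks only expiry: the session outlives an admin password reset."""
        s = self._sessions.get(token)
        if s is None or now >= s.expires_at:
            return None
        return s.username

    def lookup_hardened(self, token: str, users: Dict[str, User],
                        now: datetime) -> Optional[str]:
        """Also rejects any session issued before the user's last password change."""
        s = self._sessions.get(token)
        if s is None or now >= s.expires_at:
            return None
        user = users.get(s.username)
        if user is None or s.issued_at < user.password_changed_at:
            self._sessions.pop(token, None)  # fail closed and drop the stale session
            return None
        return s.username

    def revoke_all_for(self, username: str) -> int:
        """The manual clean-up the advisory mentions: purge every session of one user."""
        stale = [t for t, s in self._sessions.items() if s.username == username]
        for t in stale:
            del self._sessions[t]
        return len(stale)


def demo() -> Dict[str, Optional[str]]:
    # Constructed scenario: login, then an admin reset one hour later.
    t0 = datetime(2023, 8, 23, 12, 0, tzinfo=timezone.utc)
    users = {"alice": User("alice", password_changed_at=t0 - timedelta(days=30))}
    store = SessionStore()
    token = store.login(users["alice"], t0)
    users["alice"].password_changed_at = t0 + timedelta(hours=1)  # admin resets the password
    later = t0 + timedelta(hours=2)  # well inside the 12 h TTL
    return {
        "vulnerable": store.lookup_vulnerable(token, later),
        "hardened": store.lookup_hardened(token, users, later),
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable': 'alice', 'hardened': None}
```

The comparison is on the session's issue time rather than on a per-session flag, so it also covers sessions held in a backend that the password-reset code path never touches, which is the situation the advisory describes.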
PYSEC-2023-153 (PyPA, added 2023/08/22 7:16 p.m.)
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter...
CVSS 6.1 | AI score 7 | EPSS 0.00674 | Exploits 0 | References 5 | Affected software 1

PYSEC-2023-151 (PyPA, added 2023/08/22 7:16 p.m.)
An issue in langchain v0.0.171 allows a remote attacker to execute arbitrary code via a JSON file passed to the load_prompt parameter...
CVSS 9.8 | AI score 8.1 | EPSS 0.02831 | Exploits 2 | References 6 | Affected software 1

PYSEC-2023-149 (PyPA, added 2023/08/22 7:16 p.m.)
The json2xml package through 3.12.0 for Python allows an error in typecode decoding that enables a remote attack leading to an exception, causing a denial of service...
CVSS 7.5 | AI score 6.9 | EPSS 0.01048 | Exploits 1 | References 5 | Affected software 1

PYSEC-2023-150 (PyPA, added 2023/08/22 7:15 p.m.)
Buffer Overflow vulnerability in the tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via a crafted file...
CVSS 7.8 | AI score 7 | EPSS 0.00697 | Exploits 1 | References 5 | Affected software 1

PYSEC-2023-147 (PyPA, added 2023/08/15 5:15 p.m.)
An issue in langchain (langchain-ai) v0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool.run component...
CVSS 9.8 | AI score 8 | EPSS 0.01267 | Exploits 1 | References 5 | Affected software 1

PYSEC-2023-145 (PyPA, added 2023/08/15 5:15 p.m.)
An issue in LangChain v0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter...
CVSS 9.8 | AI score 8.1 | EPSS 0.0117 | Exploits 1 | References 3 | Affected software 1

PYSEC-2023-148 (PyPA, added 2023/08/15 5:15 p.m.)
An issue in llamaindex v0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function...
CVSS 9.8 | AI score 8.1 | EPSS 0.01233 | Exploits 1 | References 3 | Affected software 1

PYSEC-2023-146 (PyPA, added 2023/08/15 5:15 p.m.)
An issue in Harrison Chase langchain v0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions...
CVSS 9.8 | AI score 8.1 | EPSS 0.01515 | Exploits 1 | References 6 | Affected software 1

PYSEC-2023-136 (PyPA, added 2023/08/11 8:15 a.m.)
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. The Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook, giving an opportunity to read file...
CVSS 7.5 | AI score 6.7 | EPSS 0.01776 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-137 (PyPA, added 2023/08/11 7:15 a.m.)
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...
CVSS 9.8 | AI score 7.6 | EPSS 0.05378 | Exploits 1 | References 2 | Affected software 1

PYSEC-2023-141 (PyPA, added 2023/08/10 8:15 p.m.)
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates...
CVSS 5.4 | AI score 5.7 | EPSS 0.00593 | Exploits 1 | References 6 | Affected software 1

PYSEC-2023-321 (PyPA, added 2023/08/09 11:15 p.m.)
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
CVSS 5.7 | AI score 6.2 | EPSS 0.00812 | Exploits 1 | References 3 | Affected software 1

PYSEC-2023-144 (PyPA, added 2023/08/08 4:15 p.m.)
Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and...
CVSS 8.8 | AI score 7.4 | EPSS 0.00318 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-143 (PyPA, added 2023/08/08 4:15 p.m.)
Cross Site Scripting vulnerability in wger Project wger Workout Manager v2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
CVSS 5.4 | AI score 6.9 | EPSS 0.00467 | Exploits 1 | References 4 | Affected software 1

PYSEC-2023-142 (PyPA, added 2023/08/07 7:15 p.m.)
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...
CVSS 9.1 | AI score 6.8 | EPSS 0.00706 | Exploits 1 | References 9 | Affected software 1

PYSEC-2023-134 (PyPA, added 2023/08/05 7:15 a.m.)
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows execution of code in the...
CVSS 8.8 | AI score 7.4 | EPSS 0.0236 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-138 (PyPA, added 2023/08/05 3:15 a.m.)
An issue in Harrison Chase langchain v0.0.194 allows an attacker to execute arbitrary code via the Python exec calls in the PALChain; affected functions include from_math_prompt and from_colored_object_prompt...
CVSS 9.8 | AI score 8 | EPSS 0.01218 | Exploits 1 | References 6 | Affected software 1

PYSEC-2023-140 (PyPA, added 2023/08/04 6:15 p.m.)
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version...
CVSS 9.1 | AI score 6.9 | EPSS 0.0024 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-139 (PyPA, added 2023/08/04 4:15 p.m.)
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVSS 9.3 | AI score 6.8 | EPSS 0.00229 | Exploits 0 | References 8 | Affected software 1

PYSEC-2023-135 (PyPA, added 2023/08/03 7:36 p.m.)
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems...
CVSS 9.8 | AI score 8.3 | EPSS 0.00472 | Exploits 0 | References 4 | Affected software 1

PYSEC-2023-280 (PyPA, added 2023/08/01 1:15 a.m.)
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0...
CVSS 8.8 | AI score 7.1 | EPSS 0.01195 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-126 (PyPA, added 2023/07/26 12:15 p.m.)
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...
CVSS 9.8 | AI score 8.3 | EPSS 0.01997 | Exploits 1 | References 2 | Affected software 1

PYSEC-2023-125 (PyPA, added 2023/07/26 12:15 p.m.)
Floating point exception (FPE) in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service...
CVSS 7.5 | AI score 6.8 | EPSS 0.00636 | Exploits 1 | References 2 | Affected software 1

PYSEC-2023-123 (PyPA, added 2023/07/26 11:15 a.m.)
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service...
CVSS 7.5 | AI score 6.8 | EPSS 0.00561 | Exploits 1 | References 2 | Affected software 1

PYSEC-2023-124 (PyPA, added 2023/07/26 11:15 a.m.)
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or potentially further damage...
CVSS 9.8 | AI score 7.3 | EPSS 0.00645 | Exploits 1 | References 2 | Affected software 1

PYSEC-2023-122 (PyPA, added 2023/07/26 10:15 a.m.)
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition...
CVSS 9.8 | AI score 7.1 | EPSS 0.00657 | Exploits 1 | References 2 | Affected software 1

PYSEC-2023-132 (PyPA, added 2023/07/25 10:15 p.m.)
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=.... The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of t...
CVSS 6.3 | AI score 6.4 | EPSS 0.06195 | Exploits 3 | References 4 | Affected software 1

PYSEC-2023-133 (PyPA, added 2023/07/25 9:15 p.m.)
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...
CVSS 5.3 | AI score 7.1 | EPSS 0.00487 | Exploits 1 | References 3 | Affected software 1

PYSEC-2023-130 (PyPA, added 2023/07/25 7:15 p.m.)
Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the...
CVSS 7.7 | AI score 6.8 | EPSS 0.00509 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-129 (PyPA, added 2023/07/21 7:15 p.m.)
Indico is an open source, general-purpose, web-based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone...
CVSS 5.4 | AI score 6.8 | EPSS 0.00433 | Exploits 0 | References 4 | Affected software 1

aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser (PyPA, added 2023/07/20 2:52 p.m.)
Impact: aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6, which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available, which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HT...
CVSS 7.5 | AI score 7.2 | EPSS 0.03906 | Exploits 2 | References 4 | Affected software 1

PYSEC-2023-128 (PyPA, added 2023/07/19 7:15 p.m.)
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...
CVSS 2.8 | AI score 6.5 | EPSS 0.00203 | Exploits 0 | References 5 | Affected software 1

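
The keylime entry above describes a verifier that logs a signature failure but still reaches its verdict from the rest of the quote. Added example (not keylime's code and not from this page) of that bug pattern beside its fail-closed form: HMAC-SHA256 with a shared key stands in for the TPM's asymmetric signature over the quote, the PCR/nonce layout is a simplified stand-in, and every key and value is constructed for the demo.

```python
# Added example, not keylime's code: a quote verifier has to fail closed when the
# signature does not validate. HMAC-SHA256 keyed with a shared secret stands in
# (assumption) for the TPM's signature over the quote; the PCR and nonce handling
# is likewise a simplified stand-in for a real attestation protocol.
import hashlib
import hmac
import json
import logging
from typing import Dict, Tuple

log = logging.getLogger("verifier")


def make_quote(ak_key: bytes, pcrs: Dict[str, str], nonce: bytes) -> Dict[str, bytes]:
    """Device side: sign the PCR values together with the verifier's nonce."""
    body = json.dumps({"pcrs": pcrs, "nonce": nonce.hex()}, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(ak_key, body, hashlib.sha256).digest()}


def signature_ok(quote: Dict[str, bytes], ak_key: bytes) -> bool:
    expected = hmac.new(ak_key, quote["body"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, quote["sig"])


def pcrs_match(body: bytes, nonce: bytes, golden: Dict[str, str]) -> bool:
    q = json.loads(body)
    if q.get("nonce") != nonce.hex():
        return False  # replayed or stale quote
    return all(q.get("pcrs", {}).get(k) == v for k, v in golden.items())


def verify_vulnerable(quote: Dict[str, bytes], ak_key: bytes,
                      nonce: bytes, golden: Dict[str, str]) -> bool:
    """Bug pattern from the advisory: the failure is logged, the verdict ignores it."""
    if not signature_ok(quote, ak_key):
        log.error("quote signature invalid")
    return pcrs_match(quote["body"], nonce, golden)


def verify_hardened(quote: Dict[str, bytes], ak_key: bytes,
                    nonce: bytes, golden: Dict[str, str]) -> bool:
    """A signature failure is a verdict, not a log line: stop before trusting the body."""
    if not signature_ok(quote, ak_key):
        log.error("quote signature invalid; marking device untrusted")
        return False
    return pcrs_match(quote["body"], nonce, golden)


def demo() -> Dict[str, Tuple[bool, bool]]:
    ak = b"attestation-key-stand-in"                    # constructed
    nonce = bytes(range(8))                            # constructed verifier nonce
    golden = {"pcr0": "aa" * 32, "pcr7": "bb" * 32}    # constructed golden values
    genuine = make_quote(ak, golden, nonce)
    forged = make_quote(b"attacker-key", golden, nonce)  # right PCR values, wrong key
    return {
        "genuine": (verify_vulnerable(genuine, ak, nonce, golden),
                    verify_hardened(genuine, ak, nonce, golden)),
        "forged": (verify_vulnerable(forged, ak, nonce, golden),
                   verify_hardened(forged, ak, nonce, golden)),
    }


if __name__ == "__main__":
    print(demo())  # {'genuine': (True, True), 'forged': (True, False)}
```

The forged quote carries exactly the golden PCR values, so any check that reads the body before the signature verdict is settled accepts it; the only thing that separates the two verifiers is whether a bad signature short-circuits the decision.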
PYSEC-2023-117 (PyPA, added 2023/07/19 3:15 p.m.)
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
CVSS 5.5 | AI score 7 | EPSS 0.00503 | Exploits 1 | References 4 | Affected software 1

PYSEC-2023-308 (PyPA, added 2023/07/19 1:15 a.m.)
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0...
CVSS 10 | AI score 6.8 | EPSS 0.70736 | Exploits 1 | References 5 | Affected software 1

PYSEC-2023-312 (PyPA, added 2023/07/15 11:15 p.m.)
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...
CVSS 5.9 | AI score 7.4 | EPSS 0.01309 | Exploits 1 | References 5 | Affected software 1

PYSEC-2023-112 (PyPA, added 2023/07/14 8:15 p.m.)
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
CVSS 7.5 | AI score 9.3 | EPSS 0.00613 | Exploits 1 | References 5 | Affected software 1

PYSEC-2023-127 (PyPA, added 2023/07/14 8:15 p.m.)
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the .cpr subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This...
CVSS 7.5 | AI score 7 | EPSS 0.42828 | Exploits 4 | References 3 | Affected software 1

PYSEC-2023-105 (PyPA, added 2023/07/12 10:15 a.m.)
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...
CVSS 6.5 | AI score 6.6 | EPSS 0.01044 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-104 (PyPA, added 2023/07/12 10:15 a.m.)
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...
CVSS 6.5 | AI score 6.6 | EPSS 0.01874 | Exploits 0 | References 3 | Affected software 1

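
Added example (not Airflow's code and not from this page) for the run_id entry above: a file path built from a user-controlled identifier is only safe if the identifier is allow-listed and the resolved path is proven to stay under the intended directory. The `<base>/<run_id>/task.log` layout, the character allow-list and the sample identifiers are assumptions constructed for the demonstration.

```python
# Added example, not Airflow's code: build a per-run log path from a
# user-controlled run_id without letting it escape the log directory. The
# character allow-list and the layout <base>/<run_id>/task.log are assumptions.
import re
import tempfile
from pathlib import Path
from typing import Dict

# Assumed allow-list: letters, digits and the punctuation seen in Airflow-style
# run ids such as manual__2023-07-12T10:15:00+00:00. No '/' or '\' can get in.
RUN_ID_RE = re.compile(r"^[A-Za-z0-9_.:+-]{1,250}$")


def log_path_vulnerable(base: Path, run_id: str) -> Path:
    """Joins the raw identifier: '..' segments or an absolute run_id leave base."""
    return base / run_id / "task.log"


def log_path_hardened(base: Path, run_id: str) -> Path:
    """Allow-list the identifier, then prove containment on the resolved path."""
    if run_id in (".", "..") or not RUN_ID_RE.match(run_id):
        raise ValueError("invalid run_id")
    base_r = base.resolve()
    candidate = (base_r / run_id / "task.log").resolve()  # follows symlinks and '..'
    if base_r not in candidate.parents:
        raise ValueError("path escapes the log directory")
    return candidate


def demo() -> Dict[str, Dict[str, object]]:
    """Runs both builders over constructed ids inside a throwaway directory."""
    results: Dict[str, Dict[str, object]] = {}
    with tempfile.TemporaryDirectory() as d:
        base = Path(d) / "logs"
        base.mkdir()
        base_r = base.resolve()
        for rid in ("manual__2023-07-12T10:15:00+00:00",  # a normal-looking id
                    "../../etc/passwd",                   # relative traversal
                    "/etc/passwd",                        # absolute path replaces base
                    ".."):                                # bare parent reference
            vuln = log_path_vulnerable(base, rid).resolve()
            try:
                log_path_hardened(base, rid)
                verdict = "ok"
            except ValueError:
                verdict = "rejected"
            results[rid] = {"vulnerable_stays_inside": base_r in vuln.parents,
                            "hardened": verdict}
    return results


if __name__ == "__main__":
    for rid, r in demo().items():
        print(f"{rid!r}: {r}")
```

Note that `base / "/etc/passwd"` silently discards `base` in pathlib, which is why an absolute identifier is as dangerous as a `..` one; the containment check after `resolve()` catches both, and the allow-list rejects them before any filesystem call is made.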
PYSEC-2023-119 (PyPA, added 2023/07/12 10:15 a.m.)
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected...
CVSS 6.5 | AI score 6.5 | EPSS 0.00757 | Exploits 0 | References 5 | Affected software 1

PYSEC-2023-106 (PyPA, added 2023/07/12 10:15 a.m.)
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected...
CVSS 6.5 | AI score 6.8 | EPSS 0.01157 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-103 (PyPA, added 2023/07/12 10:15 a.m.)
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
CVSS 6.5 | AI score 6.7 | EPSS 0.00886 | Exploits 0 | References 3 | Affected software 1

PYSEC-2023-118 (PyPA, added 2023/07/11 6:15 p.m.)
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
CVSS 9.9 | AI score 7.6 | EPSS 0.00768 | Exploits 0 | References 2 | Affected software 1

PYSEC-2023-116 (PyPA, added 2023/07/11 3:15 p.m.)
xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE)...
CVSS 9.8 | AI score 7.2 | EPSS 0.01406 | Exploits 1 | References 3 | Affected software 1

PYSEC-2023-115 (PyPA, added 2023/07/06 11:15 p.m.)
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
CVSS 6.8 | AI score 6.6 | EPSS 0.00543 | Exploits 0 | References 4 | Affected software 1

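
Added example (not Sentry's code and not from this page) for the CORS entry above: whether to reflect a request Origin together with Access-Control-Allow-Credentials has to be decided on the parsed scheme and host, not on a string suffix of the raw header, because a suffix check also accepts `evilsentry.example.com` and any value that merely carries the hostname in its query string. `sentry.example.com` stands in for the configured system.base-hostname, the sample origins are constructed, and treating subdomains as allowed is a policy assumption.

```python
# Added example, not Sentry's code: decide credentialed CORS on the parsed Origin.
# BASE_HOSTNAME stands in (assumption) for Sentry's system.base-hostname option.
from typing import Callable, Dict, Tuple
from urllib.parse import urlsplit

BASE_HOSTNAME = "sentry.example.com"


def allow_credentials_vulnerable(origin: str, base: str = BASE_HOSTNAME) -> bool:
    """Suffix match on the raw header: matches far more than the intended host."""
    return origin.endswith(base)


def allow_credentials_hardened(origin: str, base: str = BASE_HOSTNAME,
                               allow_subdomains: bool = True) -> bool:
    """Parse the Origin, require https and an exact host (or a real subdomain)."""
    parts = urlsplit(origin)
    # A well-formed Origin is scheme://host[:port] only; anything else is rejected.
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.path or parts.query or parts.fragment or parts.username or parts.password:
        return False
    host = parts.hostname.lower()
    base = base.lower()
    if host == base:
        return True
    return allow_subdomains and host.endswith("." + base)


def cors_headers(origin: str, allow: Callable[[str], bool]) -> Dict[str, str]:
    """Only echo the Origin, with credentials, when the policy accepts it."""
    if not allow(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # responses differ per Origin; keep caches honest
    }


def demo() -> Dict[str, Tuple[bool, bool]]:
    origins = (  # constructed request Origin values
        "https://sentry.example.com",
        "https://app.sentry.example.com",
        "https://evilsentry.example.com",
        "https://attacker.test/?x=sentry.example.com",
        "http://sentry.example.com",
        "https://sentry.example.com.attacker.test",
    )
    return {o: (allow_credentials_vulnerable(o), allow_credentials_hardened(o))
            for o in origins}


if __name__ == "__main__":
    for origin, (vuln, hard) in demo().items():
        print(f"{origin:48} suffix-check={vuln!s:5} parsed-check={hard}")
```

The plain-http origin is rejected on purpose: a credentialed response to an `http://` origin hands an on-path attacker the same access the suffix bug gives a hostile subdomain.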
PYSEC-2023-114 (PyPA, added 2023/07/06 9:15 p.m.)
DISPUTED: A use-after-free issue was discovered in the Py_FindObjects function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue...
CVSS 9.8 | AI score 6.9 | EPSS 0.0111 | Exploits 1 | References 7 | Affected software 1

PYSEC-2023-111 (PyPA, added 2023/07/06 4:15 p.m.)
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary Python code to be executed via macros. For many users wh...
CVSS 7.8 | AI score 7.6 | EPSS 0.0039 | Exploits 1 | References 3 | Affected software 1

PYSEC-2023-110 (PyPA, added 2023/07/06 2:15 p.m.)
SQL injection vulnerability in langchain v0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component...
CVSS 7.5 | AI score 7.8 | EPSS 0.00905 | Exploits 1 | References 3 | Affected software 1

PYSEC-2023-109 (PyPA, added 2023/07/06 2:15 p.m.)
An issue in langchain v0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
CVSS 9.8 | AI score 8.1 | EPSS 0.01566 | Exploits 2 | References 3 | Affected software 1

Total number of security vulnerabilities: 3743