Safety CI > feihoo87/QuLab

master

1 year, 6 months ago

1fd13275

add setup

No dependencies with known security vulnerabilities.

master

1 year, 6 months ago

071cd17b

add monitor

No dependencies with known security vulnerabilities.

master

1 year, 6 months ago

b068fc65

new begin

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

5fe6ad15

Update dataclasses from 0.7 to 0.8

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

8916b4ee

Update pywin32 from 227 to 306

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

4f7be98f

Update u-msgpack-python from 2.6.0 to 2.8.0

pywin32 227 has known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

c82f4ac1

Update redis from 3.5.3 to 5.0.1

pywin32 227 has known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

8d5a84b8

Update pyzmq from 19.0.1 to 25.1.1

pywin32 227 has known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

649138d6

Update pyyaml from 5.3.1 to 6.0.1

pywin32 227 has known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

afa67944

Update pyvisa-py from 0.4.1 to 0.7.1

pywin32 227 and PyYAML 5.3.1 have known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

PyYAML

5.3.1

<5.4

show

Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
https://bugzilla.redhat.com/show_bug.cgi?id=1860466

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

c6a0d833

Update portalocker from 1.7.0 to 2.8.2

pywin32 227 and PyYAML 5.3.1 have known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

PyYAML

5.3.1

<5.4

show

Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
https://bugzilla.redhat.com/show_bug.cgi?id=1860466

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

53b568a7

Update pyvisa from 1.10.1 to 1.14.1

pywin32 227 and PyYAML 5.3.1 have known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

PyYAML

5.3.1

<5.4

show

Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
https://bugzilla.redhat.com/show_bug.cgi?id=1860466

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

79120ff1

Update scipy from 1.4.1 to 1.11.4

pywin32 227 and PyYAML 5.3.1 have known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

PyYAML

5.3.1

<5.4

show

Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
https://bugzilla.redhat.com/show_bug.cgi?id=1860466

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

0c56d375

Update numpy from 1.18.5 to 1.26.2

scipy 1.4.1, pywin32 227 and PyYAML 5.3.1 have known security vulnerabilities.

Package

Installed

Affected

Info

pywin32

227

>=0,<301

show

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

PyYAML

5.3.1

<5.4

show

Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
https://bugzilla.redhat.com/show_bug.cgi?id=1860466

pyup-scheduled-update-2023-12-04

1 year, 6 months ago

7dc8e052

Update nest-asyncio from 1.3.3 to 1.5.8

scipy 1.4.1, pywin32 227 and 2 other dependencies have known security vulnerabilities.

Package	Installed	Affected	Info
pywin32	227	>=0,<301	show An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
numpy	1.18.5	<1.22.0	show Numpy 1.22.0 includes a fix for CVE-2021-34141: An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless." https://github.com/numpy/numpy/issues/18993
numpy	1.18.5	<1.22.2	show Numpy 1.22.2 includes a fix for CVE-2021-41495: Null Pointer Dereference vulnerability exists in numpy.sort in NumPy in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place. NOTE2: The specs we include in this advisory differ from the publicly available on other sources. For example, the advisory posted by the NVD indicate that versions up to and including 1.19.0 are affected. However, research by Safety CLI Cybersecurity confirms that the vulnerability remained unaddressed until version 1.22.2.
numpy	1.18.5	<1.21.0rc1	show Numpy 1.21.0rc1 includes a fix for CVE-2021-33430: A Buffer Overflow vulnerability in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability. In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user. https://github.com/numpy/numpy/issues/18939
numpy	1.18.5	<1.22.0	show Numpy 1.22.0 includes a fix for CVE-2021-41496: Buffer overflow in the array_from_pyobj function of fortranobject.c, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally). https://github.com/numpy/numpy/issues/19000
PyYAML	5.3.1	<5.4	show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466