75 matches found
python3 security update
3.6.8-21.0.11 - Security update CVE-2026-4519 Orabug: 39246828...
traefik-3.6.8-1.1 on GA media (moderate)
traefik-3.6.8-1.1 on GA media Announcement ID: openSUSE-SU-2026:10217-1 Rating: moderate Cross-References: CVE-2026-25949 CVSS scores: CVE-2026-25949 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25949 SUSE : 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N...
OPENSUSE-SU-2026:10217-1 traefik-3.6.8-1.1 on GA media
These are all security issues fixed in the traefik-3.6.8-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-25949
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...
CVE-2026-25949
CVE-2026-25949 – Traefik TCP readTimeout bypass via STARTTLS on Postgres. Affects Traefik prior to v3.6.8. An unauthenticated client can bypass the entrypoint’s respondingTimeouts.readTimeout by sending a Postgres SSLRequest (STARTTLS) prelude, stall, and keep connections open indefinitely, caus...
CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...
ASUS Live Update < 3.6.8 Embedded Malicious Code (CVE-2025-59374)
The version of ASUS Live Update installed on the remote host is prior to 3.6.8 and, therefore, affected by an embedded malicious code vulnerability. - Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The...
MiracleLinux 8 : python3-3.6.8-31.el8 (AXSA:2021-1204:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1204:01 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field CVE-2019-16935 python: infinite loop in the tarfile module via...
MiracleLinux 8 : gnutls-3.6.8-11.el8 (AXSA:2020-604:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-604:01 advisory. gnutls: session resumption works without master key allowing MITM CVE-2020-13777 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : python3-3.6.8-56.el8.ML.1 (AXSA:2023-7212:08)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7212:08 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 7 : python3-3.6.8-21.0.3.el7.AXS7 (AXSA:2025-9726:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9726:01 advisory. - CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts CVEs: CVE-2024-9287 A vulnerability has been...
EUVD-2025-204660
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Linux Distros Unpatched Vulnerability : CVE-2022-4981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the...
SUSE CVE-2022-4981
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now publ...
CVE-2022-4981
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now publ...
CVE-2025-10486
The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
EUVD-2025-34543
The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.8 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
Linux Distros Unpatched Vulnerability : CVE-2022-3724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows CVE-2022-37...