227 matches found
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.13: python3.13-3.13.14-1.4.hum1 aarch64, x8664 python3.13-debug-3.13.14-1.4.hum1 aarch64, x8664 python3.13-devel-3.13.14-1.4.hum1 aarch64, x8664 python3.13-freethreading-3.13.14-1.4.hum1...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.12: python3.12-3.12.13-3.5.hum1 aarch64, x8664 python3.12-debug-3.12.13-3.5.hum1 aarch64, x8664 python3.12-devel-3.12.13-3.5.hum1 aarch64, x8664 python3.12-idle-3.12.13-3.5.hum1 aarch64,...
BIT-PYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...
BIT-LIBPYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...
PSF-2026-30
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...
PT-2026-51546
Name of the Vulnerable Software and Affected Versions Python tarfile affected versions not specified Description A flaw exists in the extractall function when using the 'data' or 'tar' filters. A specially crafted archive containing a hardlink that references a symlink stored at a deeper path can...
CVE-2026-4330
creationtimestamp| type| source ---|---|--- 2026-05-08 03:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlcsb2udou2c...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273
Summary IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273. This bulletin contains information regarding the vulnerability and its remediation...
EUVD-2026-4330
Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through = 1.7.3...
MiracleLinux 8 : python3-3.6.8-70.el8_10.ML.1 (AXSA:2025-10427:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10427:02 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...
RHEL 8 : python39:3.9 (RHSA-2025:23530)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23530 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4330]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata CVE-2025-4330. Python is used i...
TencentOS Server 4: python3.11 (TSSA-2025:0502)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0502 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-2339)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some fil...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2370)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2339)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-4330-1 ghostscript - security update
Bulletin has no description...
Debian: Security Advisory (DLA-4330-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RockyLinux 10 : python3.12 (RLSA-2025:10140)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10140 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...
python3.12 security update
An update is available for python3.12. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...