Lucene search
K

227 matches found

RedHat Linux
RedHat Linux
added 5 days ago6 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.13: python3.13-3.13.14-1.4.hum1 aarch64, x8664 python3.13-debug-3.13.14-1.4.hum1 aarch64, x8664 python3.13-devel-3.13.14-1.4.hum1 aarch64, x8664 python3.13-freethreading-3.13.14-1.4.hum1...

7.8CVSS6.6AI score0.00805EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.12: python3.12-3.12.13-3.5.hum1 aarch64, x8664 python3.12-debug-3.12.13-3.5.hum1 aarch64, x8664 python3.12-devel-3.12.13-3.5.hum1 aarch64, x8664 python3.12-idle-3.12.13-3.5.hum1 aarch64,...

8.7CVSS7AI score0.00805EPSS
Exploits2References5
OSV
OSV
added 2026/06/29 11:14 a.m.6 views

BIT-PYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:10 a.m.6 views

BIT-LIBPYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
OSV
OSV
added 2026/06/23 4:4 p.m.6 views

PSF-2026-30

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51546

Name of the Vulnerable Software and Affected Versions Python tarfile affected versions not specified Description A flaw exists in the extractall function when using the 'data' or 'tar' filters. A specially crafted archive containing a hardlink that references a symlink stored at a deeper path can...

7.8CVSS5.8AI score0.00613EPSS
Exploits0References17
Circl
Circl
added 2026/05/08 3:33 a.m.9 views

CVE-2026-4330

creationtimestamp| type| source ---|---|--- 2026-05-08 03:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlcsb2udou2c...

4.3CVSS5.8AI score0.00542EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/06 6:19 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273

Summary IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273. This bulletin contains information regarding the vulnerability and its remediation...

8.8CVSS7.8AI score0.02646EPSS
Exploits12Affected Software1
EUVD
EUVD
added 2026/01/23 2:29 p.m.4 views

EUVD-2026-4330

Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through = 1.7.3...

5.3CVSS5.4AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 8 : python3-3.6.8-70.el8_10.ML.1 (AXSA:2025-10427:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10427:02 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

9.4CVSS6.7AI score0.01227EPSS
Exploits14References6
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.10 views

RHEL 8 : python39:3.9 (RHSA-2025:23530)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23530 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.4CVSS6.8AI score0.01499EPSS
Exploits14References27
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:9 p.m.11 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4330]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata CVE-2025-4330. Python is used i...

7.5CVSS7.9AI score0.00805EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.8 views

TencentOS Server 4: python3.11 (TSSA-2025:0502)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0502 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.4CVSS7.1AI score0.01227EPSS
Exploits14References7
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.10 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-2339)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some fil...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References6
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.9 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2370)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References4
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2339)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References4
OSV
OSV
added 2025/10/14 12:0 a.m.6 views

DLA-4330-1 ghostscript - security update

Bulletin has no description...

5.5CVSS7AI score0.00388EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/10/14 12:0 a.m.5 views

Debian: Security Advisory (DLA-4330-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.8AI score0.00388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/06 12:0 a.m.7 views

RockyLinux 10 : python3.12 (RLSA-2025:10140)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10140 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...

9.4CVSS6.7AI score0.01227EPSS
Exploits14References11
Rockylinux
Rockylinux
added 2025/10/04 12:11 a.m.16 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

9.4CVSS7.4AI score0.01227EPSS
Exploits14
Rows per page
Query Builder