
20 matches found

Tenable Nessus
added 2026/03/16 12:0 a.m. | 3 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to...

7.5 CVSS | 6.7 AI score | 0.01525 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 9 : python3.9-3.9.25-2.el9_7 (AXSA:2025-11589:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11589:05 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 cpython: Python HTMLParser quadratic complexity...

6.5 CVSS | 6.4 AI score | 0.00744 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/06 12:0 a.m. | 6 views

RHEL 8 : python3.12 (RHSA-2026:0123)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0123 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

6.3 CVSS | 6.9 AI score | 0.00708 EPSS
Exploits: 0 | References: 7

OSV
added 2026/01/06 12:0 a.m. | 11 views

ALSA-2026:0123 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.3 CVSS | 6.6 AI score | 0.00708 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2025/12/23 12:0 a.m. | 7 views

AlmaLinux 9 : python3.12 (ALSA-2025:23323)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:23323 advisory. cpython: python: Python zipfile End of Central Directory EOCD Locator record offset not checked CVE-2025-8291 Tenable has extracted the preceding description bloc...

4.3 CVSS | 6.9 AI score | 0.00353 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2025/12/22 4:40 p.m. | 8 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3 CVSS | 6.2 AI score | 0.00353 EPSS
Exploits: 0 | References: 9

RedHat Linux
added 2025/12/18 1:35 a.m. | 425 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3 CVSS | 6.2 AI score | 0.00353 EPSS
Exploits: 0 | References: 9

AlmaLinux
added 2025/12/16 12:0 a.m. | 4 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.5 CVSS | 6.7 AI score | 0.00744 EPSS
Exploits: 0 | References: 10

Ubuntu
added 2025/11/24 2:53 p.m. | 7 views

USN-7886-1: Python vulnerabilities

It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. CVE-2025-6075 Caleb Brown discovered that Python incorrectly handled the ZIP64 End ...

5.5 CVSS | 6.8 AI score | 0.00353 EPSS
Exploits: 0

Amazon
added 2025/10/27 12:0 a.m. | 5 views

Medium: python3.11

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

4.3 CVSS | 6.7 AI score | 0.00353 EPSS
Exploits: 0

OSV
added 2025/10/14 9:25 a.m. | 2 views

BIT-LIBPYTHON-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

4.3 CVSS | 6.8 AI score | 0.00353 EPSS
Exploits: 0 | References: 13

OSV
added 2025/10/07 6:16 p.m. | 6 views

AZL-68318 CVE-2025-8291 affecting package python3 for versions less than 3.12.9-5

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

4.3 CVSS | 6.4 AI score | 0.00353 EPSS
Exploits: 0 | References: 1

OSV
added 2025/10/07 6:16 p.m. | 6 views

AZL-68321 CVE-2025-8291 affecting package python3 for versions less than 3.9.19-16

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

4.3 CVSS | 6.4 AI score | 0.00353 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/07 6:10 p.m. | 46 views

CVE-2025-8291

CVE-2025-8291 affects the Python standard library's zipfile handling. The Zip64 End of Central Directory (EOCD) Locator offset was not validated to match the expected value, causing the zipfile module to treat the EOCD record as the previous entry in the archive, leading to inconsistent handling ...

4.3 CVSS | 6.4 AI score | 0.00353 EPSS
Exploits: 0 | References: 12

EUVD
added 2025/10/07 6:10 p.m. | 3 views

EUVD-2025-32734

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

4.3 CVSS | 6.3 AI score | 0.00353 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2025/10/07 6:10 p.m. | 1 views

CVE-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...

4.3 CVSS | 6.4 AI score | 0.00353 EPSS
Exploits: 0 | References: 10

SUSE CVE
added 2023/02/15 5:14 a.m. | 6 views

SUSE CVE-2015-6783

The FindStartOffsetOfFileInZipFile function in crazylinkerzip.cpp in crazylinker aka Crazy Linker in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP...

4.3 CVSS | 8.8 AI score | 0.01233 EPSS
Exploits: 0 | References: 5

Carbon Black Blog
added 2019/02/11 12:45 p.m. | 70 views

TAU Threat Intelligence Notification: Java Embedded MSI Files

Summary Application whitelisting provides environments with access controls to stop unauthorized software from executing. This is accomplished by utilizing file and folder attributes including but not limited to file path, filename, digital signature, publisher, cryptographic hash and product nam...

0.3 AI score
Exploits: 0

OSV
added 2017/09/01 5:29 p.m. | 3 views

DEBIAN-CVE-2017-14107

The zipreadeocd64 function in zipopen.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service memory allocation failure in zipcdirgrow in zipdirent.c via a crafted ZIP archive...

6.5 CVSS | 6.7 AI score | 0.032 EPSS
Exploits: 0 | References: 1

exploitpack
added 2015/01/07 1:59 p.m. | 21 views

KenWards-Zipper-1.400

This exploit takes advantage of the fact too many characters get mangled, as a result I was able to get a shell in a more straight forward way. Very interesting exercise. Mrme and tecR0c figured out this trick, of course. But I was given the honor to share it. Zip file format based on:...

7.2 AI score
Exploits: 0