525 matches found

OSV
added 2025/09/26 1:8 p.m., 5 views

OESA-2025-2330 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 4.3 | AI score 6.5 | EPSS 0.00462
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/06 5:21 p.m., 2 views

CVE-2025-26443

In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVSS 7.3 | AI score 6.9 | EPSS 0.00132
Exploits: 0 | References: 1

CVE
added 2025/09/04 5:14 p.m., 419 views

CVE-2025-26443

CVE-2025-26443 affects Android’s HtmlToSpannedParser.parseHtml, where a logic error could permit installing apps without enabling installation from unknown sources. This is a local privilege escalation vulnerability (local vector, requires user interaction). The issue is tied to the parseHtml pat...

CVSS 7.3 | AI score 6.4 | EPSS 0.00132
Exploits: 0 | References: 2 | Affected Software: 1

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in tweakers.net-html-parser (npm)

The package tweakers.net-html-parser was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/13 6:46 a.m., 4 views

SUSE-SU-2025:02778-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler bsc1243273. - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory bsc1244056 -...

CVSS 9.4 | AI score 7.6 | EPSS 0.01184
Exploits: 14 | References: 20

SUSE Linux
added 2025/08/12 1:1 p.m., 13 views

Security update for python313

This update for python313 fixes the following issues: CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc1247249. CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. CVE-2025-4435:...

CVSS 8.2 | AI score 6.8 | EPSS 0.00586
Exploits: 1 | References: 16

Amazon
added 2025/08/08 12:0 a.m., 4 views

Medium: python3.11

Issue Overview: The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python3.11 Issue Correction: Run dnf update python3.11 --releasever...

CVSS 4.3 | AI score 6.8 | EPSS 0.00462
Exploits: 0

Amazon
added 2025/08/08 12:0 a.m., 3 views

Medium: python3.9

Issue Overview: The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python3.9 Issue Correction: Run dnf update python3.9 --releasever...

CVSS 4.3 | AI score 6.8 | EPSS 0.00462
Exploits: 0

OSV
added 2025/08/01 3:14 p.m., 2 views

SUSE-SU-2025:02597-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705...

CVSS 4.3 | AI score 6.3 | EPSS 0.00462
Exploits: 0 | References: 3

SUSE Linux
added 2025/07/17 2:16 p.m., 3 views

Security update for python311

This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.9 | AI score 6.7 | EPSS 0.00462
Exploits: 0 | References: 4

SUSE Linux
added 2025/07/11 10:21 a.m., 5 views

Security update for python311

This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters filter="data...

CVSS 8.4 | AI score 9.7 | EPSS 0.06304
Exploits: 15 | References: 44

Amazon
added 2025/07/10 12:0 a.m., 3 views

Medium: python

Issue Overview: The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

CVSS 4.3 | AI score 6.9 | EPSS 0.00462
Exploits: 0

Amazon
added 2025/07/10 12:0 a.m., 2 views

Medium: python3.12

Issue Overview: The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python3.12 Issue Correction: Run dnf update python3.12 --releasever...

CVSS 4.3 | AI score 6.8 | EPSS 0.00462
Exploits: 0

Amazon
added 2025/07/10 12:0 a.m., 2 views

Medium: python3

Issue Overview: There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the...

CVSS 5.9 | AI score 6.8 | EPSS 0.00462
Exploits: 0

OSV
added 2025/06/17 2:15 p.m., 2 views

AZL-64173 CVE-2025-6069 affecting package python3 for versions less than 3.9.19-14

The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

CVSS 4.3 | AI score 6.3 | EPSS 0.00462
Exploits: 0 | References: 1

OSV
added 2025/06/17 2:15 p.m., 1 view

UBUNTU-CVE-2025-6069

The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

CVSS 4.3 | AI score 6.3 | EPSS 0.00462
Exploits: 0 | References: 6

ATTACKERKB
added 2025/06/17 1:39 p.m., 3 views

CVE-2025-6069

The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

CVSS 4.3 | AI score 6 | EPSS 0.00462
Exploits: 0 | References: 11 | Affected Software: 1

Snyk
added 2025/06/17 1:39 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the html.parser.HTMLParser process that has worst-case quadratic complexity. An attacker can cause excessive resource consumption and application downtime by submitting specially crafted...

CVSS 6.8 | AI score 6.7 | EPSS 0.00462
Exploits: 0 | References: 2

Vulnrichment
added 2025/06/17 1:39 p.m., 5 views

CVE-2025-6069 HTMLParser quadratic complexity when processing malformed inputs

The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

CVSS 4.3 | AI score 7.1 | EPSS 0.00462
Exploits: 0 | References: 10

RedhatCVE
added 2025/05/22 10:54 p.m., 4 views

CVE-2022-31743

Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...

CVSS 6.5 | AI score 6 | EPSS 0.00428
Exploits: 0 | References: 1