208 matches found
Astra Linux – Vulnerability in Python 3.11
User-controlled header names and values containing newlines can allow for the injection of HTTP headers...
Astra Linux – Vulnerability in Python 3.11
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially leading to Out-of-Memory errors or other types of...
Astra Linux – Vulnerability in Python 3.11
When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member will still be extracted and not skipped...
Important: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Directory Traversal
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Directory Traversal via the filtersafetarinfos and filtersafezipinfos functions in the archive extraction utilities. An attacker can write arbitrary files outside the...
EUVD-2026-36244
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
CVE-2026-11816 Path Traversal in keras-team/keras
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
Security update for salt
This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...
SUSE-SU-2026:2252-1 Security update for salt
This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...
Moderate: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ALSA-2026:19175 Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
GHSA-MQ5J-PW29-JCV3 Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
Summary Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a local .tar.gz that is not recognized as a plugin-format bundle, APM probes whether it is a...
OPENSUSE-SU-2026:10758-1 python311-GitPython-3.1.49-1.1 on GA media
These are all security issues fixed in the python311-GitPython-3.1.49-1.1 package on the GA media of openSUSE Tumbleweed...
RHSA-2026:13692 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...
ROS-20260505-73-0057
Vulnerability in python3.11 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1620)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1620 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...
Important: python3.11
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
RLSA-2026:11062 Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RockyLinux 8 : python3.11 (RLSA-2026:11062)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...