Security update for python-h2
This update for python-h2 fixes the following issues: CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...
CLSA-2025-1757945157 python3.11: Fix of CVE-2025-8194
CVE-2025-8194: fix defect in 'TarFile' extraction and entry enumeration APIs to prevent infinite loop and deadlock when processing tar archives with negative offsets...
msdat
This is an offensive tool for Microsoft SQL Server (MSSQL) database exploitation. The tool is called "MSDAT" and is designed to perform various attacks on MSSQL databases, including reading and writing files, executing system commands, and more. The tool uses a variety of techniques, including OLE...
pwntools
This is a CTF (Capture The Flag) framework and exploit development library. It is a Python library that provides a set of tools for developing exploits and performing penetration testing. The library is designed to be extensible and customizable, allowing users to easily add new features and plugin...
CLSA-2025-1757608338 python: Fix of CVE-2016-5636
CVE-2016-5636: fix heap-based buffer overflow in zipimport.c...
OPENSUSE-SU-2025:15536-1 python311-deepdiff-8.6.1-1.1 on GA media
These are all security issues fixed in the python311-deepdiff-8.6.1-1.1 package on the GA media of openSUSE Tumbleweed...
defusedxml
This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service (DoS) vulnerabilities. The library provides a facade for the standard library's xml.etree.ElementTree module, which is vulnerable to XML bombs. The defusedxml library defuses XML bombs by preventing...
UBUNTU-CVE-2025-58367
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
USN-7736-1 python-django vulnerability
It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to perform a SQL injection...
[SECURITY] [DLA 4290-1] python-h2 security update
Debian LTS Advisory DLA-4290-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 02, 2025 https://wiki.debian.org/LTS Package : python-h2 Version : 4.0.0-3+deb11u1 CVE ID : CVE-2025-57804 Debian Bug : 1112348 A vulnerability has been discovered in python-h2...
Linux Distros Unpatched Vulnerability : CVE-2025-57804
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - h2 is a pure-Python implementation of an HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform...
aaz-dev (>=1.0.2 <=4.5.3), acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9) +1157 more potentially affected by CVE-2025-9375 via xmltodict (>=0.10.1 <=0.14.2)
xmltodict PYPI version =0.10.1, =1.0.2, =0.1.7, =0.0.7, =0.2.5a4, =0.0.1, =0.1.0, =0.17.9, =0.0.0.dev0, =0.1.0, =0.1.6 and more Source cves: CVE-2025-9375 Source advisory: SNYK:PYTHON-XMLTODICT-12427118...
xmltodict security vulnerability
xmltodict is a Python library by the individual developer Martín Blech. A security vulnerability exists in xmltodict version 0.14.2, which stems from an XML injection issue that could lead to input data manipulation...
Linux Distros Unpatched Vulnerability : CVE-2022-42969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with...
GHSA-FQQ6-7VQF-W3FG Picklescan is missing detection when calling built-in python doctest.debug_script
Summary Using the doctest.debug_script function, which is a built-in Python library function, to execute a remote pickle file. Details The attack payload executes in the following steps: First, the attacker crafts the payload by calling the doctest.debug_script function in the __reduce__ method. Then when the victim...
GHSA-P9W7-82W4-7Q8M Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
Summary Using the lib2to3.pgen2.pgen.ParserGenerator.make_label function, which is a built-in Python library function, to execute a remote pickle file. Details The attack payload executes in the following steps: First, the attacker crafts the payload by calling...
GHSA-X696-VM39-CP64 Picklescan has a missing detection when calling built-in python profile.Profile.run
Summary Using profile.Profile.run, which is a built-in Python library function, to execute a remote pickle file. Details The attack payload executes in the following steps: First, the attacker crafts the payload by calling the profile.Profile.run function in the __reduce__ method. Then when the victim after...
K000153042: Python urllib vulnerability CVE-2019-18348
Security Advisory Description An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +7 more potentially affected by CVE-2025-23303 via nemo-toolkit (>=2.0.0rc0 <=2.3.0)
nemo-toolkit PYPI version =2.0.0rc0, =0.1.2, =0.2.7, =1.0.0, =0.1.0, =1.0.0, =1.0.7 Source cves: CVE-2025-23303 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-12089392...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +7 more potentially affected by CVE-2025-23304 via nemo-toolkit (>=2.0.0rc0 <=2.3.0)
nemo-toolkit PYPI version =2.0.0rc0, =0.1.2, =0.2.7, =1.0.0, =0.1.0, =1.0.0, =1.0.7 Source cves: CVE-2025-23304 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-11953977...