634 matches found

Tenable Nessus
added 2025/04/07 12:0 a.m. | 9 views

F5 Networks BIG-IP : Python vulnerability (K000150749)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000150749 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as...

7.5 CVSS | 7.1 AI score | 0.01042 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/01 12:0 a.m. | 25 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-924)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-924 advisory. Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence...

9.8 CVSS | 7.8 AI score | 0.27095 EPSS
Exploits: 3 | References: 4

Tenable Nessus
added 2025/03/31 12:0 a.m. | 9 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-898)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-898 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...

6.3 CVSS | 6.7 AI score | 0.01437 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/03/29 3:21 p.m. | 16 views

CVE-2025-30358

Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to...

8.1 CVSS | 8.1 AI score | 0.00586 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2025/03/27 12:0 a.m. | 4 views

The vulnerability of the cpython module in the Python programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the cPython programming language in Python is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8 CVSS | 7 AI score | 0.00647 EPSS
Exploits: 0 | References: 18 | Affected Software: 14

BDU FSTEC
added 2025/03/27 12:0 a.m. | 3 views

The vulnerability of the dnspython tool for Python, related to improper validation of input data, allows a hacker to trigger a service failure.

The vulnerability of the dnspython tool for Python is related to insufficient validation of data entered by users. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7 CVSS | 6.8 AI score | 0.01258 EPSS
Exploits: 1 | References: 15 | Affected Software: 21

BDU FSTEC
added 2025/03/27 12:0 a.m. | 2 views

The vulnerability of the tqdm interpreter for the Python programming language allows a hacker to execute arbitrary code.

The vulnerability of the tqdm interpreter for the Python programming language is related to the implementation or modification of arguments. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

4.8 CVSS | 6.7 AI score | 0.00432 EPSS
Exploits: 0 | References: 10 | Affected Software: 9

OpenVAS
added 2025/03/25 12:0 a.m. | 15 views

Ubuntu: Security Advisory (USN-7348-2)

The remote host is missing an update for the...

7.8 CVSS | 7.5 AI score | 0.01437 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/15 12:0 a.m. | 8 views

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2025:0861-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0861-1 advisory. - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Tenable has extracted the preceding description...

6.3 CVSS | 6.6 AI score | 0.0067 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/03/11 12:0 a.m. | 4 views

SUSE SLES12 Security Update : python (SUSE-SU-2025:0814-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0814-1 advisory. - Reference to no longer used 'bracketedhost' variable in the fix for CVE-2025-0938 (bsc#1236705, bsc#1223694). Tenable has extracted the preceding...

6.3 CVSS | 6.7 AI score | 0.01437 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in...

5.9 CVSS | 5.9 AI score | 0.01895 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2013-2099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of...

4.3 CVSS | 7 AI score | 0.04857 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-28861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which m...

7.4 CVSS | 7 AI score | 0.01892 EPSS
Exploits: 0 | References: 3

OSV
added 2025/03/03 8:5 p.m. | 7 views

GHSA-655Q-FX9R-782V Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

CVE-2025-1716. Summary: An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited to run pip install and fetch a malicious package, enabling remote cod...

5.3 CVSS | 8.1 AI score | 0.01498 EPSS
Exploits: 4 | References: 6

Tenable Nessus
added 2025/03/01 12:0 a.m. | 6 views

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2025:0756-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0756-1 advisory. - Reference to no longer used 'bracketedhost' variable in the fix for CVE-2025-0938 (bsc#1236705, bsc#1223694). Tenable has extracted the...

6.3 CVSS | 6.7 AI score | 0.01437 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2025/02/26 12:0 a.m. | 9 views

Amazon Linux 2 : python3 (ALAS-2025-2766)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2766 advisory. A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods...

7.4 CVSS | 6.8 AI score | 0.00804 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/02/21 12:0 a.m. | 6 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Python vulnerability (USN-7280-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7280-1 advisory. It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could...

6.3 CVSS | 6.8 AI score | 0.01437 EPSS
Exploits: 0 | References: 2

Ubuntu
added 2025/02/20 5:54 p.m. | 91 views

USN-7280-1: Python vulnerability

It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

6.3 CVSS | 6.8 AI score | 0.01437 EPSS
Exploits: 0

OSV
added 2025/02/20 5:54 p.m. | 3 views

USN-7280-1 python3.10, python3.12, python3.8 vulnerability

It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

6.3 CVSS | 6.8 AI score | 0.01437 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2025/02/19 4:0 p.m. | 258 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

CVE-2025-0108 - PAN-OS PoC SCRIPT /!\ Disclaimer: This...

9.1 CVSS | 7.5 AI score | 0.98338 EPSS
Exploits: 8