Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary IBM Cloud Pak for Data System 1.0 CPDS 1.0 includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include denial of service issues in the Linux kernel and Python components, command injection vulnerabilities in Python's imapli...

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. Versions of pip prior to 26.1 contained security vulnerabilities. These vulnerabilities stemmed from the self-update check feature, which ran after the installation of wheel files, potentially leading to the import of...

python27:2.7 security update

An update is available for python-mock, module.python-sqlalchemy, python-backports-sslmatchhostname, python-attrs, python-chardet, python2-rpm-macros, module.numpy, module.python-mock, python-pymongo, python-markupsafe, python2-six, module.python-funcsigs, module.python-pygments,...

python39:3.9 and python39-devel:3.9 security update

An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python-iniconfig, module.python-wcwidth, module.python-ply, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy, module.python-attrs...

python38:3.8 and python38-devel:3.8 security update

An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python3x-setuptools, module.python-wcwidth, module.python-ply, python-psycopg2, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy,...

TencentOS Server 3: python39:3.9 and python39-devel:3.9 (TSSA-2024:0768)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0768 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

OPENSUSE-SU-2025:20074-1 Security update for certbot

This update for certbot fixes the following issues: This update adds the certbot stack. python modules: ConfigArgParse, acme, certbot, certbot-nginx, josepy, pyRFC3339...

EUVD-2008-3133

Malware in sbrugna...

EUVD-2008-4375

Malware in sbrugna...

EUVD-2022-0040

Malicious code in bioql PyPI...

python36:3.6 security update

An update is available for module.python-virtualenv, python-virtualenv, python-distro, module.scipy, module.python-nose, module.python-wheel, module.python36, module.python-docutils, module.python-pygments, module.python-PyMySQL, python36, python-docs, python-pygments, scipy, python-PyMySQL,...

python36:3.6 bug fix and enhancement update

An update is available for module.python-sqlalchemy, module.python36, module.python-wheel, python-virtualenv, python-PyMySQL, python-wheel, python-distro, python-docutils, module.python-nose, python-docs, python36, module.scipy, scipy, module.python-docutils, python-pymongo, module.python-pygment...

PYSEC-2025-122

The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2025:0327-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0327-1 advisory. New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the...

RHEL 5 : gedit (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gedit: untrusted python modules search path CVE-2009-0314 - gedit: CPU consumption via crafted file...

RHEL 5 : xchat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xchat: untrusted python modules search path CVE-2009-0315 - xchat/hexchat: does not verify the server...

RHEL 6 : xchat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xchat: untrusted python modules search path CVE-2009-0315 - xchat/hexchat: does not verify the server...

python39 bug fix update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python-ply, python-requests, python-psutil, numpy, module.python-psutil, module.python-pycparser, module.python-cffi, pytest, module.python39,...

DL1 bug fix update

An update is available for python-jwcrypto, python-qrcode, module.python-yubico, python-yubico, module.opendnssec, module.pyusb, python-kdcproxy, softhsm, pyusb, custodia, module.custodia, module.python-kdcproxy, bind-dyndb-ldap, opendnssec, module.python-jwcrypto, module.softhsm,...

SUSE CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...