MiracleLinux 9 : python-pip-21.2.3-7.el9 (AXSA:2023-6874:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6874:01 advisory. python: tarfile module directory traversal CVE-2007-4559 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : python3.12-3.12.6-1.el8_10 (AXSA:2024-8970:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8970:09 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...

MiracleLinux 9 : python3.11-3.11.11-2.el9_6.1 (AXSA:2025-10624:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10624:06 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

MiracleLinux 8 : python3.12-3.12.11-1.el8_10 (AXSA:2025-10429:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10429:06 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

MiracleLinux 9 : python3.12-3.12.9-1.el9_6.1 (AXSA:2025-10625:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10625:08 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

MiracleLinux 7 : python3-3.6.8-21.0.4.el7.AXS7 (AXSA:2025-11000:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11000:05 advisory. CVE-2007-4559: implement PEP 706 a filter in the tarfile module to prevent directory traversal vulnerability CVEs: CVE-2007-4559 Directory traversal...

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4138]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. CVE-2025-4138. Python is us...

GHSA-HJQC-JX6G-RWP9 Keras Directory Traversal Vulnerability

Summary Keras's keras.utils.getfile function is vulnerable to directory traversal attacks despite implementing filtersafepaths. The vulnerability exists because extractarchive uses Python's tarfile.extractall method without the security-critical filter="data" parameter. A PATHMAX symlink resoluti...

Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2019-20907)

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

TencentOS Server 3: python3.11 (TSSA-2025:0802)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0802 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 2: python3 (TSSA-2025:0803)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0803 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 3: python3 (TSSA-2025:0796)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0796 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CLSA-2025-1760987651 python3: Fix of CVE-2025-8194

Bump package Release to 21.0.5 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative...

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2242)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...

AlmaLinux 10 : python3.12 (ALSA-2025:10140)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10140 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...

OESA-2025-2305 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

cpython: Cpython infinite loop when parsing a tarfile

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module...

cpython: Cpython infinite loop when parsing a tarfile

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module...

cpython: Cpython infinite loop when parsing a tarfile

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module...