193 matches found
Astra Linux – Vulnerability in Python 3.11
The webbrowser.open API accepts URLs with leading hyphens, which can be treated as command-line options for certain web browsers. However, the new behavior disallows the use of leading hyphens. It is recommended that users sanitize URLs before passing them to webbrowser.open...
Astra Linux – Vulnerability in Python 3.11
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs...
Astra Linux – Vulnerability in Python 3.11
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class, and therefore does not use io.opencode to read the .pyc files. As a result, the sys.audit handlers for this audit event do not trigger...
Astra Linux – Vulnerability in Python 3.11
The “tarfile” module will still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even when processing multi-block members such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could lead to a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
Astra Linux – Vulnerability in Python 3.11
The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...
Astra Linux – Vulnerability in Python 3.11
When loading a plist file, the plistlib module reads data in a size specified by the file itself. This means that a malicious file can cause out-of-memory OOM and denial-of-service DoS issues...
Astra Linux – Vulnerability in Python 3.11
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL’s media type...
Astra Linux – Vulnerability in Python 3.11
When using http.cookies.Morsel, user-controlled cookie values and parameters may allow the injection of HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters...
Oracle Linux 9 : python3.11 (ELSA-2026-19175)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19175 advisory. - Security fixes for CVE-2026-4786, CVE-2026-6100 Resolves: RHEL-168158, RHEL-167916 - Security fix for CVE-2026-4519 Resolves: RHEL-158053 Tenable ha...
RHSA-2026:26187 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...
SUSE SLED15 / SLES15 Security Update : python311 (SUSE-SU-2026:2298-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2298-1 advisory. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Tenable has extracted the preceding...
CVE-2026-11816
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
CVE-2026-11816
CVE-2026-11816 affects Keras
CVE-2026-11816 Path Traversal in keras-team/keras
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
Security update for python311
This update for python311 fixes the following issues: CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...
SUSE-SU-2026:2257-1 Security update for salt
This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...
Security update for salt
This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...
SUSE-SU-2026:2256-1 Security update for salt
This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...
SUSE-SU-2026:2255-1 Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 - CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer...
Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...