848 matches found
Astra Linux - уязвимость в python3.11, python2.7, python3.7
There is a medium-severity vulnerability affecting CPython. Regular expressions that allow excessive backtracking during the tarfile.TarFile header parsing are vulnerable to ReDoS through specifically crafted tar archives...
Astra Linux - уязвимость в python2.7, python3.7
A flaw was discovered in Python, specifically in the FTP File Transfer Protocol client library when operating in PASV passive mode. The issue arises from how the FTP client defaults to trusting the host based on the PASV response. This flaw allows an attacker to create a malicious FTP server that...
Astra Linux - уязвимость в python3.11, python3.7
The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. The new behavior will reject incorrectly folde...
Astra Linux - уязвимость в python3.11, python3.7
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...
Astra Linux - уязвимость в python3.7, python2.7
There is a flaw in the urllib’s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server to which an HTTP client such as a web browser connects can trigger a Regular Expression Denial of Service ReDOS during an authentication request. This occurs when the server sends a...
Astra Linux - уязвимость в python3.11
It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...
Astra Linux - уязвимость в python3.11, python3.7
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...
Astra Linux - уязвимость в python2.7, python3.7
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
Astra Linux - уязвимость в python3.11, python3.7
When using http.cookies.Morsel, user-controlled cookie values and parameters may allow the injection of HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters...
Astra Linux - уязвимость в python3.11
There is a HIGH-severity vulnerability affecting the CPython “zipfile” module, specifically the “zipfile.Path” class. It should be noted that the more commonly used API “zipfile.ZipFile” class is not affected. When iterating over the names of entries in a zip archive for example, methods like...
Astra Linux - уязвимость в python2.7, python3.7
A use-after-free exists in Python through version 3.9 via the heappushpop function in the heapq module...
Astra Linux - уязвимость в python3.11, python3.7
When an address list is folded, and the separating comma ends up on a folded line that needs to be encoded using Unicode, then the separator itself must also be encoded using Unicode. The expected behavior is that the separating comma remains a plain comma. However, this can lead to the address...
exploit_cve_2026_31431_py36
exploitc...
[SECURITY] Fedora 42 Update: python3.6-3.6.15-57.fc42
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
Fedora 42 : python3.6 (2026-c1ca370c1a)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c1ca370c1a advisory. - Security fixes for CVE-2026-4786, CVE-2026-6100 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Exploit for CVE-2026-31431
CVE-2026-31431-exploitpy2py3 A script...
exploits
Copyfail Privilege escalation...
SUSE CVE-2026-41140
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supporte...
[SECURITY] Fedora 42 Update: python3.9-3.9.25-9.fc42
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
[SECURITY] Fedora 44 Update: python3.9-3.9.25-9.fc44
Python 3.9 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.9 package provides the "python3.9" executable: the...