958 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an incorrect calculation in python [CVE-2025-4435]
Summary: IBM Watson Speech Services Cartridge is vulnerable to an incorrect calculation in python, due to an issue with 'TarFile.errorlevel = 0' that causes filtered members to be skipped and not extracted (CVE-2025-4435). Python is used in our speech service runtimes. This vulnerability has been...
ALSA-2025:23530 Important: python39:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python39:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RHEL 10 : python3.12 (RHSA-2025:14984)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14984 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0)
The version of AHV installed on the remote host is prior to AHV-11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0 advisory. - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of...
Path Traversal
Keras is vulnerable to path traversal. The vulnerability is due to the keras.utils.get_file API using Python’s tarfile.extractall without the filter="data" protection when extracting tar archives, which allows a remote attacker to craft a malicious archive with symlinks and write arbitrary files...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2488)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2529)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2508)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2469)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...
CLSA-2025-1765376235 python3.11-pip: Fix of CVE-2007-4559
CVE-2007-4559: fix for tarfile directory traversal vulnerability...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103084)
The version of AHV installed on the remote host is prior to 20230302.103084. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103084 advisory. - A vulnerability has been identified in the libarchive library, specifically within the...
GHSA-HJQC-JX6G-RWP9 Keras Directory Traversal Vulnerability
Summary: Keras's keras.utils.get_file function is vulnerable to directory traversal attacks despite implementing filter_safe_paths. The vulnerability exists because extract_archive uses Python's tarfile.extractall method without the security-critical filter="data" parameter. A PATH_MAX symlink resoluti...
Keras Directory Traversal Vulnerability
Summary: Keras's keras.utils.get_file function is vulnerable to directory traversal attacks despite implementing filter_safe_paths. The vulnerability exists because extract_archive uses Python's tarfile.extractall method without the security-critical filter="data" parameter. A PATH_MAX symlink resoluti...
TencentOS Server 4: python3.11 (TSSA-2025:0502)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0502 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 3: python3.12 (TSSA-2024:0799)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0799 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: python3 (TSSA-2025:0559)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0559 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 4: python3.12 (TSSA-2025:0625)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0625 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CLSA-2025-1763054281 python: Fix of CVE-2025-8194
CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs...
CLSA-2025-1763033941 python: Fix of CVE-2025-8194
CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs...