958 matches found

OSV
added 2025/11/13 11:35 a.m., 4 views

CLSA-2025-1763033745 python: Fix of CVE-2025-8194

CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs...

7.5 CVSS, 6.9 AI score, 0.00586 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/11/13 12:0 a.m., 8 views

Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2019-20907)

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.5 CVSS, 6.8 AI score, 0.06304 EPSS
Exploits 0, References 4

OSV
added 2025/11/12 9:29 p.m., 6 views

MGASA-2025-0280 Updated python3 packages fix security vulnerabilities

URL parser allowed square brackets in domain names. CVE-2025-0938 Mishandling of comma during folding and unicode-encoding of email headers. CVE-2025-1795 Virtual environment venv activation scripts don't quote paths. CVE-2024-9287 Use-after-free in "unicodeescape" decoder with error handler...

9.4 CVSS, 6.9 AI score, 0.01437 EPSS
Exploits 14, References 10

Mageia
added 2025/11/12 9:29 p.m., 7 views

Updated python3 packages fix security vulnerabilities

URL parser allowed square brackets in domain names. CVE-2025-0938 Mishandling of comma during folding and unicode-encoding of email headers. CVE-2025-1795 Virtual environment venv activation scripts don't quote paths. CVE-2024-9287 Use-after-free in "unicodeescape" decoder with error handler...

9.4 CVSS, 7.1 AI score, 0.01437 EPSS
Exploits 14, References 9

OSV
added 2025/11/12 8:55 p.m., 2 views

CLSA-2025-1762980908 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

9.4 CVSS, 6.8 AI score, 0.01184 EPSS
Exploits 14, References 1

OSV
added 2025/11/12 2:48 p.m., 4 views

CLSA-2025-1762958892 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

9.4 CVSS, 6.7 AI score, 0.01184 EPSS
Exploits 14, References 1

OSV
added 2025/11/12 2:44 p.m., 4 views

CLSA-2025-1762958654 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

9.4 CVSS, 6.8 AI score, 0.01184 EPSS
Exploits 14, References 1

Tenable Nessus
added 2025/11/12 12:0 a.m., 5 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-2370)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some fil...

9.4 CVSS, 7.3 AI score, 0.01184 EPSS
Exploits 14, References 6

Tenable Nessus
added 2025/11/12 12:0 a.m., 8 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-2339)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some fil...

9.4 CVSS, 7.3 AI score, 0.01184 EPSS
Exploits 14, References 6

OpenVAS
added 2025/11/12 12:0 a.m., 7 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2370)

The remote host is missing an update for the Huawei EulerOS...

9.4 CVSS, 7.3 AI score, 0.01184 EPSS
Exploits 14, References 4

AstraLinux
added 2025/11/01 10:54 a.m., 3 views

Astra Linux – Vulnerability in Python 3.11

There is a defect in the CPython “tarfile” module that affects the “TarFile” extraction and entry enumeration APIs. The tar implementation processes tar archives with negative offsets without errors, which can lead to an infinite loop and deadlock during the parsing of maliciously crafted tar...

7.5 CVSS, 6.7 AI score, 0.00586 EPSS
Exploits 0, References 3

NVD
added 2025/10/30 5:15 p.m., 6 views

CVE-2025-12060

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9 CVSS, 0.00547 EPSS
Exploits 0, References 2

OSV
added 2025/10/30 5:15 p.m., 4 views

CVE-2025-12060

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9 CVSS, 7.5 AI score
Exploits 0, References 2

Cvelist
added 2025/10/30 5:10 p.m., 9 views

CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9 CVSS, 0.00547 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/10/30 5:10 p.m., 9 views

CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9 CVSS, 6.8 AI score, 0.00547 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/10/30 12:0 a.m., 25 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.1)

The version of AHV installed on the remote host is prior to AHV-10.3.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.1 advisory. - A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data...

7.8 CVSS, 7.3 AI score, 0.00985 EPSS
Exploits 4, References 6

Tenable Nessus
added 2025/10/30 12:0 a.m., 6 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.1)

The version of AOS installed on the remote host is prior to 7.3.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.1 advisory. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...

8.8 CVSS, 7.5 AI score, 0.01428 EPSS
Exploits 7, References 6

Redos
added 2025/10/29 12:0 a.m., 3 views

ROS-20251029-03

A vulnerability in the tarfile module of the Python programming language is related to incorrect definition of symbolic links during file access. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected...

5.9 CVSS, 6.6 AI score, 0.00444 EPSS
Exploits 0

OSV
added 2025/10/24 2:34 p.m., 7 views

OESA-2025-2538 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

7.5 CVSS, 7.7 AI score, 0.01109 EPSS
Exploits 8, References 5

Tenable Nessus
added 2025/10/24 12:0 a.m., 6 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2308)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attacke...

9.8 CVSS, 8.1 AI score, 0.27095 EPSS
Exploits 21, References 14