92 matches found
Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1674)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1674 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handle...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
BIT-LIBPYTHON-2026-2297 SourcelessFileLoader does not use io.open_code()
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
Linux Distros Unpatched Vulnerability : CVE-2026-2297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode...
CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
AZL-79491 CVE-2026-2297 affecting package tensorflow 2.16.1-11
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
ALPINE-CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
CVE-2026-2297
CVE-2026-2297 concerns CPython’s import system: the SourcelessFileLoader (legacy .pyc handling) is misimplemented in FileLoader, causing it not to use io.open_code() to read .pyc files. As a result, sys.audit events for this audit point do not fire. The description notes an audit-impacting behavi...
CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
PSF-2026-9
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
PT-2026-23068
Name of the Vulnerable Software and Affected Versions CPython affected versions not specified Description The import hook in CPython that handles legacy .pyc files using SourcelessFileLoader is incorrectly handled within FileLoader, a base class. This results in the failure to utilize io.open cod...
CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...
CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...
CVE-2019-12847
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period...
Authorization Bypass
Liferay Portal and Liferay DXP are vulnerable to Authorization Bypass. The vulnerability is due to improper access control on the comliferayportalsecurityauditwebportletAuditPortletauditEventId parameter, which allows an authenticated attacker in one virtual instance to view audit events belongin...
EUVD-2015-2186
Malware in sbrugna...
EUVD-2021-21866
Malware in sbrugna...