Lucene search
+L

63 matches found

nessus
nessus
added 2026/02/10 12:0 a.m.9 views

Siemens SCALANCE and RUGGEDCOM Incorrect Calculation (CVE-2025-4435)

When using a TarFile.errorlevel = 0and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0in affected versions is that the member would still be extracted and not skipped. This plug...

7.5CVSS6.7AI score0.00474EPSS
Exploits1References4
ibm
ibm
added 2026/02/06 6:19 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273

Summary IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273. This bulletin contains information regarding the vulnerability and its remediation...

8.8CVSS7.8AI score0.02646EPSS
Exploits12Affected Software1
nessus
nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 8 : python3-3.6.8-70.el8_10.ML.1 (AXSA:2025-10427:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10427:02 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

9.4CVSS6.7AI score0.01227EPSS
Exploits14References6
nessus
nessus
added 2025/12/18 12:0 a.m.10 views

RHEL 8 : python39:3.9 (RHSA-2025:23530)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23530 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.4CVSS6.8AI score0.01499EPSS
Exploits14References27
nessus
nessus
added 2025/11/20 12:0 a.m.8 views

TencentOS Server 4: python3.11 (TSSA-2025:0502)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0502 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.4CVSS7.1AI score0.01227EPSS
Exploits14References7
openvas
openvas
added 2025/11/12 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2339)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References4
openvas
openvas
added 2025/11/12 12:0 a.m.10 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2370)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References4
nessus
nessus
added 2025/10/11 12:0 a.m.9 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2242)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Allows arbitrary filesystem writes outside the extraction directory during extraction with filter='data'. You are affected by this vulnerability ...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References5
nessus
nessus
added 2025/10/06 12:0 a.m.7 views

RockyLinux 10 : python3.12 (RLSA-2025:10140)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10140 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...

9.4CVSS6.7AI score0.01227EPSS
Exploits14References11
rocky
rocky
added 2025/10/04 12:11 a.m.16 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

9.4CVSS7.4AI score0.01227EPSS
Exploits14
openvas
openvas
added 2025/08/08 12:0 a.m.6 views

openSUSE Security Advisory (SUSE-SU-2025:02717-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.00611EPSS
Exploits1References6
nessus
nessus
added 2025/08/07 12:0 a.m.10 views

SUSE SLED15: libpython3_11-1_0 / libpython3_11-1_0-32bit / python311 / etc (SUSE-SU-2025:02717-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02717-1 advisory. - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc124724...

7.5CVSS6.7AI score0.00611EPSS
Exploits1References10
ibm
ibm
added 2025/07/31 2:24 p.m.18 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.299 Vulnerability Details CVEID:CVE-2025-4330 DESCRIPTION: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...

8.7CVSS8.3AI score0.35963EPSS
Exploits5Affected Software1
rocky
rocky
added 2025/07/29 1:38 p.m.7 views

python3.11 security update

An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

9.4CVSS6.3AI score0.01227EPSS
Exploits14
osv
osv
added 2025/07/29 1:38 p.m.8 views

RLSA-2025:10031 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.6CVSS7.1AI score0.01227EPSS
Exploits14References6
openvas
openvas
added 2025/07/14 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2025-266a1353a1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS8AI score0.01227EPSS
Exploits14References2
nessus
nessus
added 2025/07/13 12:0 a.m.6 views

Fedora 41 : python3.6 (2025-a8abfbb35c)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a8abfbb35c advisory. Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 Tenable has extracted the preceding description block...

9.4CVSS6.9AI score0.01227EPSS
Exploits14References6
nessus
nessus
added 2025/07/13 12:0 a.m.6 views

Fedora 42 : python3.6 (2025-266a1353a1)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-266a1353a1 advisory. Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 Tenable has extracted the preceding description block...

9.4CVSS6.9AI score0.01227EPSS
Exploits14References6
osv
osv
added 2025/07/11 4:3 p.m.13 views

SUSE-SU-2025:02297-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory bsc1244056 - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...

9.4CVSS7.5AI score0.01227EPSS
Exploits14References17
nessus
nessus
added 2025/07/07 12:0 a.m.8 views

RHEL 9 : python3.9 (RHSA-2025:10399)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10399 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.4CVSS7.3AI score0.01227EPSS
Exploits14References12
Rows per page
Query Builder