CLSA-2025-1758101854 Fix CVE(s): CVE-2025-8194

SECURITY UPDATE: defect in TarFile module leading to infinite loop and deadlock - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member offsets are non-negative - CVE-2025-8194...

CVE-2025-39809

In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-quicki2c: Fix ACPI dsd ICRS/ISUB length The QuickI2C ACPI DSD methods return ICRS and ISUB data with a trailing byte, making the actual length is one more byte than the structs defined. It caused...

SUSE-SU-2025:03180-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024141 fixes several issues. The following security issues were fixed: - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237930. - CVE-2025-38001: netsched: hfsc: Address...

OESA-2025-2102 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.

...

Human-Written Vs. AI-Generated Code: a Large-Scale Study of Defects, Vulnerabilities, and Complexity

As AI code assistants become increasingly integrated into software development workflows, understanding how their code compares to human-written programs is critical for ensuring reliability, maintainability, and security. In this paper, we present a large-scale comparison of code authored by hum...

Linux Distros Unpatched Vulnerability : CVE-2022-2048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning ...

Linux Distros Unpatched Vulnerability : CVE-2015-6824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The swsinitcontext function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to...

SUSE CVE-2025-9157

A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untruncpacket of the file src/tcpedit/editpacket.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The...

Important: python3

Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...

Important: python

Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...

Amazon Linux 2 : python3 (ALAS-2025-2962)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2962 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementatio...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1136)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1136 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error,...

WordPress plugin Software Issue Manager 跨站脚本漏洞

The WordPress Software Issue Manager plugin is a project-based WordPress plugin for tracking software defects, issues, tasks, and product feature requests, with support for customized reporting. The WordPress Software Issue Manager plugin suffers from a cross-site scripting vulnerability that ste...

Python DoS Vulnerability (Jul 2025) - Mac OS X

Python is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

UBUNTU-CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

PSF-2025-11

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0109)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities: - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly,...