
8 matches found

Tenable Nessus
added 2025/10/22 12:0 a.m., 3 views

SUSE SLED15: libpython3_13-1_0 / python313 / python313-base / python313-curses / etc (SUSE-SU-2025:3706-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3706-1 advisory. Update to version 3.13.7. - Fixes in 3.13.7: gh-137583: Fix a deadlock introduced in 3.13.6 when a call to...

CVSS 7.5 | AI score 6.3 | EPSS 0.00611
Exploits: 0 | References: 7
SUSE Linux
added 2025/10/21 3:7 p.m., 5 views

Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.7. Fixes in 3.13.7: gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object such as ssl.SSLSocket.send was subsequently called in...

CVSS 7.1 | AI score 7.4 | EPSS 0.00611
Exploits: 0 | References: 8
OSV
added 2025/10/21 3:7 p.m., 9 views

SUSE-SU-2025:3706-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.7. - Fixes in 3.13.7: gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object such as ssl.SSLSocket.send was subsequently called i...

CVSS 7.5 | AI score 5.8 | EPSS 0.00611
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-29478

Malicious code in bioql PyPI...

AI score 6.6
Exploits: 0 | References: 3
Veracode
added 2025/09/24 6:16 a.m., 6 views

Arbitrary Code Execution (ACE)

picklescan is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the use of doctest.debug_script to execute remote pickle files, which allows an attacker to execute arbitrary code on the target system...

AI score 8.3
Exploits: 0
Github Security Blog
added 2025/08/26 9:38 p.m., 8 views

Picklescan is missing detection when calling built-in python doctest.debug_script

Summary: Using the doctest.debug_script function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the doctest.debug_script function in the __reduce__ method. Then when the victim...

AI score 7.9
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/08/26 9:38 p.m., 2 views

GHSA-FQQ6-7VQF-W3FG Picklescan is missing detection when calling built-in python doctest.debug_script

Summary: Using the doctest.debug_script function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the doctest.debug_script function in the __reduce__ method. Then when the victim...

AI score 7.9
Exploits: 0 | References: 3
OSV
added 2024/02/27 12:0 p.m., 12 views

RUSTSEC-2024-0018 ObjectPool creates uninitialized memory when freeing objects

As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...

AI score 7.3
Exploits: 0 | References: 3