Lucene search
K

85 matches found

OSV
OSV
added 2026/05/29 4:3 p.m.16 views

RLSA-2026:19019 Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1CVSS6.6AI score0.00621EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/05/19 6:30 p.m.13 views

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References10
OSV
OSV
added 2026/05/19 2:44 p.m.7 views

OPENSUSE-SU-2026:20769-1 Security update for mozjs115

This update for mozjs115 fixes the following issues: Changes in mozjs115: - CVE-2026-32776: Fixed a NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728 - CVE-2026-32777: Fixed a denial of service due to infinite loop in DTD...

5.5CVSS7.1AI score0.00216EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

SUSE SLES15 Security Update : mozjs78 (SUSE-SU-2026:1956-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1956-1 advisory. This update for mozjs78 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty...

5.5CVSS5.9AI score0.00216EPSS
Exploits1References10
OSV
OSV
added 2026/05/18 7:57 a.m.10 views

SUSE-SU-2026:1956-1 Security update for mozjs78

This update for mozjs78 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. - CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.12 views

SUSE SLES15 Security Update : mozjs52 (SUSE-SU-2026:1742-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1742-1 advisory. This update for mozjs52 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external paramete...

5.5CVSS5.9AI score0.00216EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.10 views

RockyLinux 8 : python3.12 (RLSA-2026:10950)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10950 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

9.1CVSS7AI score0.01279EPSS
Exploits1References23
OSV
OSV
added 2026/04/27 12:0 a.m.13 views

ALSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS6AI score0.01279EPSS
Exploits1References24
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.13 views

SUSE SLES15 Security Update : python311 (SUSE-SU-2026:1530-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1530-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References16
SUSE Linux
SUSE Linux
added 2026/04/21 11:4 a.m.9 views

Security update for python311

This update for python311 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-3479: python: improper resource argument validation can allow path traversal bsc1259989. CVE-2026-3644: incomplete contr...

8.2CVSS5.8AI score0.00621EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.9 views

SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:1417-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1417-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: improper...

7.5CVSS6.8AI score0.00621EPSS
Exploits0References16
OSV
OSV
added 2026/04/15 7:6 p.m.7 views

SUSE-SU-2026:1376-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3479: improper resource argument validation in pkgutil.getdata can lead to pa...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References11
SUSE Linux
SUSE Linux
added 2026/04/15 1:37 p.m.7 views

Security update for python313

This update for python313 fixes the following issues: Update to v3.13.13 CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass bsc1259240...

8.3CVSS5.9AI score0.00621EPSS
Exploits0References30
SUSE Linux
SUSE Linux
added 2026/04/15 1:36 p.m.5 views

Security update for expat

This update for expat fixes the following issues: CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. CVE-2026-32778: NUL...

8.7CVSS5.8AI score0.00216EPSS
Exploits1References12
OSV
OSV
added 2026/04/11 2:5 p.m.4 views

OESA-2026-1886 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References3
OSV
OSV
added 2026/04/11 2:5 p.m.5 views

OESA-2026-1884 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.4 views

openSUSE 16 Security Update : expat (openSUSE-SU-2026:20448-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20448-1 advisory. - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. -...

5.5CVSS6AI score0.00216EPSS
Exploits1References9
OSV
OSV
added 2026/04/02 1:8 a.m.4 views

SUSE-SU-2026:1166-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

5.5CVSS5.9AI score0.00216EPSS
Exploits1References7
OSV
OSV
added 2026/03/30 3:1 p.m.4 views

SUSE-SU-2026:20985-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References7
Mageia
Mageia
added 2026/03/20 9:17 p.m.11 views

Updated expat packages fix security vulnerabilities

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References2
Rows per page
Query Builder