90 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-14610
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file...
CVE-2026-14610
A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local...
Directory Traversal
Overview com.github.jknack:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Directory Traversal via the getResource function in FileTemplateLoader. An attacker can access arbitrary files on the server by supplying crafted template...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
CLSA-2026-1778129970 python3.11: Fix of 7 CVEs
CVE-2026-0672: reject control characters in http.cookies cookie names, values, and parameters to prevent header injection - CVE-2026-3644: reject control characters in Morsel.update, |= operator, and unpickling paths missed by CVE-2026-0672; add output validation to BaseCookie.jsoutput -...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2026:1354-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1354-1 advisory. - Update to v3.13.13 - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYP...
Security update for python313
This update for python313 fixes the following issues: Update to v3.13.13 CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass bsc1259240...
Security update for python311
This update for python311 fixes the following issues: Updated to Python 3.11.15 CVE-2025-6075: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables bsc1252974. CVE-2025-11468: header injection when folding a long...
SUSE-SU-2026:21104-1 Security update for python313
This update for python313 fixes the following issues: Update to version 3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-2297: incorrectly handled hook in FileLoader can...
SUSE-SU-2026:21178-1 Security update for python313
This update for python313 fixes the following issues: Update to version 3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-2297: incorrectly handled hook in FileLoader can...
OPENSUSE-SU-2026:20517-1 Security update for python313
This update for python313 fixes the following issues: Update to version 3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-2297: incorrectly handled hook in FileLoader can...
SUSE-SU-2026:20951-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting bsc1257181. - CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader bsc1259240...
SUSE-SU-2026:20956-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting bsc1257181. - CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader bsc1259240...
SUSE SLES15: libpython3_11-1_0 / python311 / python311-base / python311-curses / etc (SUSE-SU-2026:1117-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1117-1 advisory. Update to python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injectio...
Security update for python311
This update for python311 fixes the following issues: Update to python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
SUSE-SU-2026:1107-1 Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
Security update for python310
This update for python310 fixes the following issues: Update to Python 3.10.20: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...