65 matches found
EulerOS Virtualization 2.10.0 : python-jinja2 (EulerOS-SA-2026-1193)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with...
EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2026-1142)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with...
MiracleLinux 9 : fence-agents-4.10.0-76.el9_5.6 (AXSA:2025-9811:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9811:03 advisory. jinja2: Jinja sandbox breakout through attr filter selecting format method CVE-2025-27516 Tenable has extracted the preceding description block directly from...
MiracleLinux 9 : fence-agents-4.10.0-76.el9_5.4.ML.1 (AXSA:2025-9553:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9553:01 advisory. fence-agents: Jinja has a sandbox breakout through indirect reference to format method rhel-9.5.z CVE-2024-56326 fence-agents: Jinja has a sandbox...
CVE-2025-66438
A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...
CVE-2025-66437
An SSTI Server-Side Template Injection vulnerability exists in the getaddressdisplay method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.rendertemplate with a context derived from the addressdict parameter, which can be either a dictionary or a string...
EUVD-2019-0068
Malware in sbrugna...
RLSA-2025:3113 Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: jinja2: Jinja sandbox breakout through attr filter selecting format...
EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2025-1839)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filte...
Important: Red Hat Security Advisory: python-jinja2 security update
An update for python-jinja2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.76 security and extras update
Red Hat OpenShift Container Platform release 4.12.76 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.8)
The version of AOS installed on the remote host is prior to 6.8.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.8 advisory. - BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-129...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.27 security and extras update
Red Hat OpenShift Container Platform release 4.17.27 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a security impact of...
ROS-20250430-07
A vulnerability in the compiler of the html templating tool jinja is related to a sandbox escape via the attr filter format selection method. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.10 security and extras update
Red Hat OpenShift Container Platform release 4.18.10 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.57 security and extras update
Red Hat OpenShift Container Platform release 4.13.57 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.49 security and extras update
Red Hat OpenShift Container Platform release 4.15.49 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a security impact of...
RHEL 8 : python-jinja2 (RHSA-2025:3671)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:3671 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
RHEL 9 : python-jinja2 (RHSA-2025:3585)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:3585 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
RHEL 9 : python-jinja2 (RHSA-2025:3588)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:3588 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...