123 matches found
Azure Linux 3.0 Security Update: python3 (CVE-2024-0450)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0450 advisory. - An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1098)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1059)
The remote host is missing an update for the Huawei EulerOS...
Huawei HarmonyOS Account Module Elevation of Privilege Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a privilege escalation vulnerability in the Account module. An attacker could exploit t...
RHEL 8 : firefox (RHSA-2025:0133)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:0133 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
K000149184: Python vulnerabilities CVE-2022-26488, CVE-2019-16056, and CVE-2019-5010
Security Advisory Description: CVE-2022-26488: In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must...
CVE-2024-56599 wifi: ath10k: avoid NULL pointer error during sdio remove
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: avoid NULL pointer error during sdio remove. When running 'rmmod ath10k', ath10k_sdio_remove will free sdio workqueue by destroy_workqueue. But if CONFIG_INIT_ON_FREE_DEFAULT_ON is set to yes, kernel panic will happen: Call...
CVE-2024-53221
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_submit_page_bio. There's an issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range 0x0000000000000020-0x0000000000000027 RIP:...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-788)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-788 advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spe...
USN-7015-1: Python vulnerabilities
It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. (CVE-2023-27043) It was discovered that Python allowed excessive backtracking while parsing...
Unspecified Vulnerability in Google Chrome (CNVD-2024-35096)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that stems from an improper implementation issue found in the Skia module. No details of the vulnerability are provided at this time...
Unspecified Vulnerability in Google Chrome (CNVD-2024-35100)
Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability that stems from a use-after-free issue found in the DevTools module. No details of the vulnerability are provided at this time...
AZL-43198 CVE-2024-5569 affecting package python-zipp for versions less than 3.17.0-3
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the...
PT-2024-4425
Name of the Vulnerable Software and Affected Versions: PyMongo versions 4.6.2 and earlier. Description: The issue is related to an out-of-bounds read in the 'bson' module, allowing deserialization of malformed BSON provided by a server. This can lead to an exception that may contain arbitrary...
PT-2024-14554 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves the vulnerability of input parameters not being strictly verified in the RSMC module. Successful exploitation of this issue may cause...
CVE-2024-24990 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2023-7226
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be...
PT-2023-15878 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a stability-related vulnerability in the binder background management and control module. Successful exploitation of this...
PT-2025-18805
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.14.0-96.el9.x86_64. Description: A vulnerability in the Linux kernel has been resolved, specifically in the scsi: qla2xxx module. The issue occurred when a command was completed in the abort path during driver...
SUSE CVE-2016-1249
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression...