EulerOS Virtualization 2.13.1 : python3 (EulerOS-SA-2026-2149)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

DEBIAN-CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

PT-2026-25840

Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 22.0.0 through 25.3.0 Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set cookie generate callback function returned a cookie value exceeding 256 bytes, pyOpenSSL woul...

AlmaLinux 9 : python3.9 (ALSA-2025:23342)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23342 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 cpython: Python HTMLParser quadratic complexity...

AlmaLinux 8 : python39:3.9 (ALSA-2025:23530)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts don't...

RLSA-2025:23342 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3.9 security update

An update is available for python3.9. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language...

python39:3.9 security update

An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python3x-setuptools, module.python-iniconfig, module.python-wcwidth, module.python-ply, module.python39, python-psycopg2, python-psutil, python-chardet, module.python-pluggy, python-lxml,...

RockyLinux 8 : mysql:8.0 (RLSA-2025:1673)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1673 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...

Medium: python3

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...

[SECURITY] [DSA 4963-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4963-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2021 https://www.debian.org/security/faq -...

CVE-2006-3738

CVE-2006-3738 describes a buffer overflow in OpenSSL SSL_get_shared_ciphers across 0.9.7 (up to 0.9.7l) and 0.9.8 (up to 0.9.8f). The description notes unspecified impact with remote attack vectors using a long list of ciphers. A related CVE-2007-5135 (off-by-one) extends the risk to remote code ...

CVE-2002-1568

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service crash via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENTMASTERKEY messages,...

CVE-2002-1568

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service crash via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENTMASTERKEY messages,...

CVE-2002-0657

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key...