Lucene search
K

25 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.13 views

Astra Linux – Vulnerability in Python 3.11

If the value passed to os.path.expandvars is controlled by the user, there is a possibility of performance degradation when expanding environment variables...

5.5CVSS6.3AI score0.00136EPSS
Exploits0References3
Redos
Redos
added 2026/05/05 12:0 a.m.8 views

ROS-20260505-73-0020

A vulnerability in the os.path.expandvars function of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...

5.5CVSS6.4AI score0.00136EPSS
Exploits0
OSV
OSV
added 2026/04/27 12:0 a.m.13 views

ALSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS6AI score0.01279EPSS
Exploits1References24
Github Security Blog
Github Security Blog
added 2026/04/10 7:24 p.m.7 views

PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

Summary The executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This allows exfiltration of secrets stored in environment variabl...

7.4CVSS6.2AI score0.00273EPSS
Exploits1References3Affected Software1
SUSE Linux
SUSE Linux
added 2026/03/27 11:34 a.m.4 views

Security update for python311

This update for python311 fixes the following issues: Update to python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

8.7CVSS7AI score0.01525EPSS
Exploits0References40
SUSE Linux
SUSE Linux
added 2026/03/27 9:4 a.m.10 views

Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

8.7CVSS7AI score0.01525EPSS
Exploits0References40
OSV
OSV
added 2026/03/27 9:4 a.m.6 views

SUSE-SU-2026:1107-1 Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

7.5CVSS7AI score0.01525EPSS
Exploits0References21
OSV
OSV
added 2026/03/19 12:47 p.m.1 views

SUSE-SU-2026:20796-1 Security update for python311

This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

7.5CVSS7AI score0.01525EPSS
Exploits0References17
OSV
OSV
added 2026/03/12 1:48 p.m.8 views

CLSA-2026-1773323311 python3.11: Fix of CVE-2025-6075

CVE-2025-6075: fix quadratic complexity in os.path.expandvars...

5.5CVSS6AI score0.00136EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.8 views

MiracleLinux 8 : python39:3.9 (AXSA:2025-11636:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11636:01 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts...

9.4CVSS6.8AI score0.01499EPSS
Exploits14References13
OSV
OSV
added 2025/12/30 12:16 p.m.5 views

OESA-2025-2869 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

5.5CVSS6.5AI score0.00136EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/12/18 1:21 p.m.5 views

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

5.5CVSS6.2AI score0.00136EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/12/18 1:35 a.m.11 views

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

5.5CVSS6.2AI score0.00136EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.4 views

SUSE SLED15: libpython3_6m1_0 / libpython3_6m1_0-32bit / python3 / python3-base / etc (SUSE-SU-2025:4368-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4368-1 advisory. - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation...

5.5CVSS6.3AI score0.00353EPSS
Exploits0References7
OSV
OSV
added 2025/12/11 3:12 p.m.4 views

SUSE-SU-2025:4368-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled bsc1252974. - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory EOCD record...

5.5CVSS6.6AI score0.00353EPSS
Exploits0References5
OSV
OSV
added 2025/12/09 5:22 p.m.4 views

SUSE-SU-2025:21207-1 Security update for python311

This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD is not checked by the 'zipfile' module bsc1251305. - CVE-2025-6075: Fixed the value passed to os.path.expandvars is user-controlled a performance...

5.5CVSS5.8AI score0.00353EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.7 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1309)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1309 advisory. If the value passed to os.path.expandvars is user-controlled aperformance degradation is possible when expanding environmentvariables. CVE-2025-6075 Tenable has extracted the preceding description bloc...

5.5CVSS6.4AI score0.00136EPSS
Exploits0References4
Amazon
Amazon
added 2025/12/08 12:0 a.m.5 views

Low: python3.11

Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3.11 Issue Correction: Run dnf update python3.11 --releasever 2023.9.20251208 or dnf update --advisory...

5.5CVSS6.5AI score0.00136EPSS
Exploits0
OSV
OSV
added 2025/12/05 11:13 a.m.4 views

BIT-PYTHON-MIN-2025-6075 Quadratic complexity in os.path.expandvars() with user-controlled template

If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References10
OSV
OSV
added 2025/12/05 11:8 a.m.5 views

BIT-LIBPYTHON-2025-6075 Quadratic complexity in os.path.expandvars() with user-controlled template

If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References10
Rows per page
Query Builder