ROS-20260505-73-0039

A vulnerability in the plistlib module of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...

ROS-20260505-73-0036

A vulnerability in the plistlib module of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...

SUSE SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2026:1107-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1107-1 advisory. Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468:...

Security update for python311

This update for python311 fixes the following issues: Update to python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

SUSE-SU-2026:1107-1 Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

Security update for python310

This update for python310 fixes the following issues: Update to Python 3.10.20: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

SUSE-SU-2026:1062-1 Security update for python310

This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

SUSE-SU-2026:20796-1 Security update for python311

This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1376)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic...

OPENSUSE-SU-2026:20081-1 Security update for python313

This update for python313 fixes the following issues: - Update to 3.13.11: - Security - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response bsc1254400 -...

Security update for python310

This update for python310 fixes the following issues: CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. CVE-2025-13836: use of...

SUSE SLES12 Security Update : python3 (SUSE-SU-2025:4538-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4538-1 advisory. - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default...

openSUSE 15 Security Update : python39 (SUSE-SU-2025:4522-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4522-1 advisory. - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availabili...

Security update for python39

This update for python39 fixes the following issues: CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. CVE-2025-13836: use of...

BIT-PYTHON-2025-13837 Out-of-memory when loading Plist

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...

AZL-71275 CVE-2025-13837 affecting package python3 3.9.19-19

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...

CVE-2025-13837

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...

EUVD-2022-51261

Malicious code in bioql PyPI...

BIT-PYTHON-MIN-2022-48565

An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...