11 matches found
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. Th...
Insufficient Logging
Overview: Affected versions of this package are vulnerable to Insufficient Logging in the FileLoader class that incorrectly handles legacy SourcelessFileLoader for .pyc files. An attacker can bypass logging mechanisms (sys.audit) by crafting or manipulating .pyc files to avoid detection or auditing...
Fedora 43 : jupyterlab (2025-5ce0931fe3)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5ce0931fe3 advisory. jupyterlab 4.4.9 fixing CVE-2025-59842. ---- Rebuilt for Python 3.14.0rc3 bytecode change Tenable has extracted the preceding description block...
Linux Distros Unpatched Vulnerability : CVE-2021-32495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Radare2 has a use-after-free vulnerability in pyc parser's getnoneobject function. Attacker can read freed memory afterwards. This will allow attackers to cause...
Security update for python310
This update for python310 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...
Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
Researchers have discovered a novel attack on the Python Package Index PyPI repository that employs compiled Python code to sidestep detection by application security tools. "It may be the first supply chain attack to take advantage of the fact that Python bytecode PYC files can be directly...
[ASA-202106-40] radare2: denial of service
Arch Linux Security Advisory ASA-202106-40. Severity: Low. Date: 2021-06-15. CVE-ID: CVE-2021-32613. Package: radare2. Type: denial of service. Remote: No. Link: https://security.archlinux.org/AVG-1950. Summary: The package radare2 before version...
radare2 Resource Management Error Vulnerability
radare2 is a set of libraries and tools for working with binary files. A resource management error vulnerability exists in radare2 version 5.3.0 and prior versions, which stems from pyc parsing that could lead to a DoS. No detailed vulnerability details are available at this time...
Tesla SolarCity Solar Monitoring Gateway Trust Management Issue Vulnerability
Tesla SolarCity Solar Monitoring Gateway is an application from Tesla, USA. Solar equipment is provided. A security vulnerability exists in Tesla SolarCity Solar Monitoring Gateway through 5.46.43, which stems from the use of hardcoded credentials Digi...
Python Steganography Tool: Stegosaurus
Python Steganography Tool A steganography tool for embedding payloads within Python bytecode. Stegosaurus is a steganography tool that allows embedding arbitrary payloads in Python bytecode pyc or pyo files. The embedding process does not alter the runtime behavior or file size of the carrier fil...
DEBIAN-CVE-2014-2094
Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory...