[SECURITY] Fedora 43 Update: python-socketio-5.14.2-1.fc43

Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...

Fedora 43 : openapi-python-client (2025-42dd948b86)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-42dd948b86 advisory. - Update upstream version 0.26.1 - Delete old patch for the fix of the CLI tests fix-test-cli-1309.patch - Update allow-typer-0.19.patch Tenable has extracte...

CVE-2025-61911

Summary: The issue CVE-2025-61911 affects python-ldap up to version 3.4.4 (pre-3.4.5). When using ldap.filter.escape_filter_chars with escape_mode=1, the function can fail to fully escape characters if assertion_value is a crafted list or dict, risking LDAP injection. The 3.4.5 fix adds a type ch...

EUVD-2013-0031

Malware in sbrugna...

EUVD-2013-0033

Malware in sbrugna...

EUVD-2014-0093

Malware in sbrugna...

EUVD-2020-0121

Malware in sbrugna...

EUVD-2024-0801

Malicious code in bioql PyPI...

EUVD-2024-3492

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-40217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...

BIT-LIBPYTHON-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

CVE-2020-15141

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

RLSA-2024:9193 Moderate: python3.12-PyMySQL security update

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 For more details about the...

RLSA-2024:9457 Moderate: python3.12-urllib3 security update

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...

Linux Distros Unpatched Vulnerability : CVE-2013-1909

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName fie...

CVE-2020-15142

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

RHEL 7 : pki-core (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bootstrap: XSS in the tooltip or popover data-template attribute CVE-2019-8331 - pki: Dogtag's python...