293 matches found
ROS-20250923-03
A vulnerability in the Python programming language interpreter CPython is related to insufficient validation of user data in Lib/email/headervalueparser.py. user data in Lib/email/headervalueparser.py. Exploitation of the vulnerability could allow an attacker acting remotely to execute a spoofing...
ROS-20250923-01
The vulnerability in the Python programming language interpreter CPython is due to the fact that Cpython does not prohibits setting an empty list "" for SSLContext.setnpnprotocols, which is an invalid value for the OpenSSL base API when using NPN. Exploitation of the vulnerability could allow an...
GHSA-CJ3C-V495-4XQH Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
Summary Using code.InteractiveInterpreter.runcode, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to code.InteractiveInterpreter.runcode function in reduce meth...
CVE-2025-8672
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...
[SECURITY] Fedora 42 Update: python3-docs-3.13.6-1.fc42
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
ROS-20250813-01
A vulnerability in the tarfile module of the Python programming language interpreter CPython is associated with incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
CVE-2025-8672
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...
CVE-2025-8672
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...
CVE-2025-8672
The CVE describes a TCC bypass in macOS GIMP where a bundled Python interpreter inherits the user’s TCC permissions granted to GIMP. With local access, an attacker can invoke this interpreter to run arbitrary commands and access files in privacy-protected folders without prompting the user, abusi...
GIMP 安全漏洞
GIMP is an open source bitmap image editor from the GIMP team. A security vulnerability exists in GIMP that stems from the Python interpreter inheriting TCC permissions, which could lead to unauthorized access to privacy-protected folders...
CVE-2025-48945 pycares has a Use-After-Free Vulnerability
pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS...
CVE-2024-20285
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2024-20286
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2024-20284
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...
CVE-2021-29614
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...
CVE-2020-26268
In affected versions of TensorFlow the tf.rawops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...
CVE-2025-4280
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
CVE-2025-4280
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
CVE-2025-4280
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
CVE-2025-4280 TCC Bypass via Inherited Permissions in Bundled Interpreter in Poedit.app
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...