12 matches found
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : protobuf (SUSE-SU-2026:0374-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0374-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict...
Siemens Ruggedcom ROX Improper Validation of Specified Type of Input (CVE-2024-11168)
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. This plugin only works with Tenable.ot...
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2022-0391)
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libffi (UTSA-2025-003040)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-003040 advisory. A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string...
SUSE-SU-2025:20364-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551). - CVE-2025-32415: Fixed heap-based buffer under-read via crafted XML documents (bsc#1241453)...
SUSE-SU-2025:1435-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API (bsc#1241551). - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read (bsc#1241453)...
SUSE CVE-2025-0938
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...
SUSE CVE-2020-10735
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes, and int for binary bases 2, 4, 8, 16, and 32 are no...
CLSA-2022-1646665957 Fix of CVE: CVE-2022-0391
CVE-2022-0391: Add stripping ASCII newline and tabs from the url by urllib.parse...
PYSEC-2019-61
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...
PYSEC-2019-60
typed_ast 1.3.0 and 1.3.1 has a handle_keyword_only_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...
UBUNTU-CVE-2019-19275
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...