193 matches found
Astra Linux – Vulnerability in Python 3.11
The webbrowser.open API accepts URLs with leading hyphens, which can be treated as command-line options for certain web browsers. However, the new behavior disallows the use of leading hyphens. It is recommended that users sanitize URLs before passing them to webbrowser.open...
Astra Linux – Vulnerability in Python 3.11
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs...
Astra Linux – Vulnerability in Python 3.11
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class, and therefore does not use io.opencode to read the .pyc files. As a result, the sys.audit handlers for this audit event do not trigger...
Astra Linux – Vulnerability in Python 3.11
The “tarfile” module will still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even when processing multi-block members such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could lead to a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
Astra Linux – Vulnerability in Python 3.11
When using http.cookies.Morsel, user-controlled cookie values and parameters may allow the injection of HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters...
Astra Linux – Vulnerability in Python 3.11
The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...
Astra Linux – Vulnerability in Python 3.11
When loading a plist file, the plistlib module reads data in a size specified by the file itself. This means that a malicious file can cause out-of-memory OOM and denial-of-service DoS issues...
Astra Linux – Vulnerability in Python 3.11
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL’s media type...
Oracle Linux 9 : python3.11 (ELSA-2026-19175)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19175 advisory. - Security fixes for CVE-2026-4786, CVE-2026-6100 Resolves: RHEL-168158, RHEL-167916 - Security fix for CVE-2026-4519 Resolves: RHEL-158053 Tenable ha...
RHSA-2026:26187 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...
SUSE SLED15 / SLES15 Security Update : python311 (SUSE-SU-2026:2298-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2298-1 advisory. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Tenable has extracted the preceding...
CVE-2026-11816 Path Traversal in keras-team/keras
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
CVE-2026-11816
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
CVE-2026-11816
CVE-2026-11816 affects Keras
Security update for python311
This update for python311 fixes the following issues: CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...
SUSE-SU-2026:2257-1 Security update for salt
This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...
Security update for salt
This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...
SUSE-SU-2026:2256-1 Security update for salt
This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...
SUSE-SU-2026:2255-1 Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 - CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer...
Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...