858 matches found
Exploit for CVE-2026-31431
CVE-2026-31431-exploitpy2py3 A script...
exploits
Copyfail Privilege escalation...
SUSE CVE-2026-41140
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supporte...
[SECURITY] Fedora 42 Update: python3.9-3.9.25-9.fc42
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
[SECURITY] Fedora 44 Update: python3.9-3.9.25-9.fc44
Python 3.9 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.9 package provides the "python3.9" executable: the...
Important: python3.9
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...
Medium: python3.13
Issue Overview: The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code to read the .pyc files. sys.audit handlers for this audit event therefore do not fire. CVE-2026-2297 The fix for...
Fedora 43 : python3.9 (2026-7986d7f994)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7986d7f994 advisory. Security fixes for CVE-2026-4786 and CVE-2026-6100. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 42 : python3.9 (2026-60a694a385)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-60a694a385 advisory. Security fixes for CVE-2026-4786 and CVE-2026-6100. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 44 : python3.9 (2026-85cf3694d8)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-85cf3694d8 advisory. Security fixes for CVE-2026-4786 and CVE-2026-6100. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1618)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1618 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...
Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1600)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1600 advisory. The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code to read the .pyc files. sys.aud...
python315-3.15.0~a8-3.1 on GA media (moderate)
python315-3.15.0~a8-3.1 on GA media Announcement ID: openSUSE-SU-2026:10648-1 Rating: moderate Cross-References: CVE-2026-1502 CVE-2026-4786 CVE-2026-5713 CVE-2026-6019 CVE-2026-6100 CVSS scores: CVE-2026-1502 SUSE : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2026-1502 SUSE : 5.7...
SUSE-SU-2026:21431-1 Security update for python-PyNaCl
This update for python-PyNaCl fixes the following issues: Security fixes: - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point function (bsc#1255764). Other fixes: - update to 1.6.2 bsc#1255764, CVE-2025-69277:...
ROOT-OS-DEBIAN-12-CVE-2025-12084 CVE-2025-12084 in rootio-python3.11 - Patched by Root
Root has patched CVE-2025-12084 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-6069 CVE-2025-6069 in rootio-python3.11 - Patched by Root
Root has patched CVE-2025-6069 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-11468 CVE-2025-11468 in rootio-python3.11 - Patched by Root
Root has patched CVE-2025-11468 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...
SUSE-SU-2026:21415-1 Security update for python311
This update for python311 fixes the following issue: - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970)...
RHSA-2026:11077 Red Hat Security Advisory: python3 security update
Bulletin has no description...
RHSA-2026:10774 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...