20 matches found
Astra Linux - vulnerability in python-pip
When extracting a tar archive, pip may not check symbolic links pointing into the extraction directory if the tarfile module does not implement PEP 706. Note that upgrading pip to a “fixed” version does not fix all vulnerabilities that are mitigated by using a Python version that implements PEP...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2026-26030
Summary of CVE-2026-26030: The issue affects Microsoft’s Semantic Kernel Python SDK, specifically the InMemoryVectorStore filter functionality. Versions prior to 1.39.4 are vulnerable to remote code execution. The vulnerability is mitigated by upgrading to python-1.39.4 or higher; as a workaroun...
Security update 5.1.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
CVE-2025-12060
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
GHSA-28JP-44VH-Q42H Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description: The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a pat...
Directory Traversal
Overview: keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Directory Traversal via the keras.utils.get_file API when the extract=True option is used for tar archives. An attacker can write arbitrary files to any location on the...
AZL-69472 CVE-2025-12060 affecting package keras for versions less than 3.3.3-5
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
UBUNTU-CVE-2025-12060
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060
CVE-2025-12060 concerns Keras: when using keras.utils.get_file with extract=True on tar archives, tarfile.extractall is invoked without a proper filter, enabling path traversal and potential arbitrary file writes outside the destination directory. The root cause is linked to Python tarfile weakne...
EUVD-2025-18401
Malicious code in bioql PyPI...
OESA-2025-2333 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
CVE-2025-26622 sqrt doesn't define rounding behavior in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. The Vyper sqrt builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...
CVE-2025-25183 vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...
OESA-2022-2010 protobuf security update
Security Fixes: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...
AZL-35147 CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of...
SUSE-SU-2021:0794-1 Security update for python
This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379...
SUSE-SU-2021:0768-1 Security update for python
This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379...
DSA-159 python - insecure temporary files
Bulletin has no description...