Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

Summary Vulnerabilities in Python could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4,...

Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Python, Node.js, Golang Go and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remote execution of...

SUSE SLES12 Security Update : python (SUSE-SU-2026:0663-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0663-1 advisory. - CVE-2025-6075: Fixed performance degradation when using os.path.expandvars bsc1252974. - CVE-2026-0672: Fixed a HTTP header injection via...

CVE-2026-1299 vulnerabilities

Vulnerabilities for packages: python...

AlmaLinux 8 : python3 (ALSA-2026:2128)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2128 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Python vulnerabilities (USN-8018-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8018-1 advisory. Denis Ledoux discovered that Python incorrectly parsed email message headers. An...

RHEL 8 : python3 (RHSA-2026:2128)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2128 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

RHEL 9 : python3.11 (RHSA-2026:1922)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1922 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

MiracleLinux 9 : python3.11-3.11.13-5.el9_7 (AXSA:2026-111:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-111:04 advisory. cpython: Excessive read buffering DoS in http.client CVE-2025-13836 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial ...

CVE-2025-11468 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-12781 vulnerabilities

Vulnerabilities for packages: python...

GHSA-5MC7-P6PJ-R3F5 vulnerabilities

Vulnerabilities for packages: python...

MiracleLinux 8 : python38:3.8 (AXSA:2021-2422:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2422:01 advisory. python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 python-lxml: mXSS due to the use of improper parser...

MiracleLinux 4 : rh-python36-python-pip-9.0.1-5.AXS4, rh-python36-python-3.6.12-1.AXS4, rh-python36-python-virtualenv-15.1.0-3.AXS4 (AXSA:2020-818:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-818:02 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field CVE-2019-16935 python: CRLF injection via the host part of the url...

MiracleLinux 7 : rh-python38 (AXSA:2021-2383:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2383:01 advisory. python-cryptography: Bleichenbacher timing oracle attack against RSA decryption CVE-2020-25659 python: Unsafe use of eval on data retrieved via HTTP...

MiracleLinux 8 : python3-3.6.8-48.el8.1.ML.1 (AXSA:2023-5156:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5156:02 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...

Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-8747 DESCRIPTION: A safe mode...

MiracleLinux 9 : python3.9-3.9.25-2.el9_7 (AXSA:2025-11589:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11589:05 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 cpython: Python HTMLParser quadratic complexity...

CVE-2025-12084 vulnerabilities

Vulnerabilities for packages: python...

USN-7886-2: Python vulnerabilities

USN-7886-1 fixed vulnerabilities in Python. This update provides the corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10. Original advisory details: It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this...