ROS-20260505-73-0048
A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...
ROS-20260505-73-0041
Vulnerability in python3.10 related to failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260505-73-0025
A vulnerability in the appendChild and _clear_id_cache functions of the Python programming language interpreter CPython is related to algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0006
Vulnerability in python3.10 related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0020
A vulnerability in the os.path.expandvars function of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260505-73-0047
A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...
ROS-20260505-73-0040
Vulnerability in python3 related to failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260505-73-0026
A vulnerability in the appendChild and _clear_id_cache functions of the Python programming language interpreter CPython is related to algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Astra Linux - vulnerability in pypy
Python versions 2.7.x through 2.7.16, and 3.x through 3.7.2 are affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure—credentials, cookies, etc., that are cached against a given hostname. The affected components...
Astra Linux - vulnerability in python2.7, pypy
In Python versions 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an HTTP server can perform Regular Expression Denial of Service (ReDoS) attacks against clients due to the use of urllib.request.AbstractBasicAuthHandler, which allows catastrophi...
Astra Linux - vulnerability in python2.7
In Python 3.x through 3.9.1, there is a buffer overflow issue in the PyCArg_repr function within _ctypes/callproc.c. This issue may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input. This was demonstrated by the use of the argument...
Astra Linux - vulnerability in python3.7
The lib/zipfile.py module in Python, as of version 3.7.2, allows remote attackers to cause a denial of service (resource consumption) through a ZIP bomb attack...
Astra Linux - vulnerability in python3.11, python2.7, python3.7
The ‘zipfile’ module does not check the validity of the offset value specified in the ZIP64 End of Central Directory (EOCD) Locator record. Instead, the ZIP64 EOCD record is assumed to be the previous record in the ZIP archive. This behavior can be exploited to create ZIP archives that are processe...
Astra Linux - vulnerability in python3.7
An issue was discovered in the CPython tempfile.TemporaryDirectory class, affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18, and earlier versions. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means that users who can...
Astra Linux - vulnerability in python2.7, python3.7
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...
Astra Linux - vulnerability in python3.11, python3.7
There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler, your usage is not affected. To work around this issue, you can stop using the error handling mechanism and instead wrap the...
Astra Linux - vulnerability in python3.7, python2.7
An issue was discovered in Python before version 3.11.1. An unnecessary quadratic algorithm exists in one path when processing certain inputs to the IDNA (RFC 3490) decoder. This can lead to excessive CPU usage when a maliciously crafted, unreasonably long hostname is provided to the decoder...
MiracleLinux 9 : python3.12-3.12.12-4.el9_7.3 (AXSA:2026-519:12)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-519:12 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...
MiracleLinux 9 : python3.9-3.9.25-3.el9_7.3 (AXSA:2026-513:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-513:04 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...
RHEL 8 : python3.11 (RHSA-2026:11062)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11062 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...