
614 matches found

Tenable Nessus
added 2025/06/16 12:0 a.m., 5 views

TencentOS Server 3: python3.11 (TSSA-2023:0212)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0212 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5, AI score 7.5, EPSS 0.01445
Exploits 3, References 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 7 views

TencentOS Server 2: python (TSSA-2023:0275)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0275 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 5.3, AI score 7.2, EPSS 0.00581
Exploits 0, References 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 2: python3 (TSSA-2023:0125)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0125 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 7.5, AI score 7.5, EPSS 0.01445
Exploits 3, References 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 3 views

TencentOS Server 4: python3.11 (TSSA-2024:0589)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0589 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 5.5, AI score 7, EPSS 0.00238
Exploits 0, References 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 2: python3 (TSSA-2023:0270)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0270 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 5.3, AI score 7.2, EPSS 0.00581
Exploits 0, References 2

Tenable Nessus
added 2025/06/14 12:0 a.m., 3 views

Fedora 41 : python3.11 (2025-56b4c0f4c4)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-56b4c0f4c4 advisory. Update to 3.11.13. - gh-135034: CVE 2024-12718 CVE 2025-4138 CVE 2025-4330 CVE 2025-4435 CVE 2025-4517 Fixes multiple issues that allowed tarfile extraction...

AI score 5.6
Exploits 0, References 1

Tenable Nessus
added 2025/06/13 12:0 a.m., 2 views

Fedora 41 : python3.9 (2025-cebde6a6e3)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cebde6a6e3 advisory. Update to 3.9.23. - gh-135034: CVE 2024-12718 CVE 2025-4138 CVE 2025-4330 CVE 2025-4435 CVE 2025-4517 Fixes multiple issues that allowed tarfile extraction...

AI score 5.6
Exploits 0, References 1

Tenable Nessus
added 2025/06/12 12:0 a.m., 3 views

Fedora 42 : python3.9 (2025-6efe030226)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-6efe030226 advisory. Update to 3.9.23. - gh-135034: CVE 2024-12718 CVE 2025-4138 CVE 2025-4330 CVE 2025-4435 CVE 2025-4517 Fixes multiple issues that allowed tarfile extraction...

AI score 5.6
Exploits 0, References 1

Tenable Nessus
added 2025/06/05 12:0 a.m., 8 views

AlmaLinux 8 : python36:3.6 (ALSA-2025:8419)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8419 advisory. python-pymongo: Out-of-bounds read in bson module CVE-2024-5629 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

CVSS 8.1, AI score 6.2, EPSS 0.0017
Exploits 0, References 3

OSV
added 2025/06/03 1:15 p.m., 1 view

AZL-62322 CVE-2025-4138 affecting package python3 for versions less than 3.9.19-14

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 7.5, AI score 7.2, EPSS 0.00273
Exploits 7, References 1

NVD
added 2025/06/03 1:15 p.m., 7 views

CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 5.3, EPSS 0.0079
Exploits 1, References 13

AlpineLinux
added 2025/06/03 12:59 p.m., 8 views

CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVSS 7.5, AI score 8.5, EPSS 0.00273
Exploits 7

OPENSUSE Linux
added 2025/06/03 12:0 a.m., 3 views

python311-3.11.12-4.1 on GA media (moderate)

python311-3.11.12-4.1 on GA media Announcement ID: openSUSE-SU-2025:15191-1 Rating: moderate Cross-References: CVE-2025-4516 CVSS scores: CVE-2025-4516 SUSE : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-4516 SUSE : 5.9...

CVSS 5.9, AI score 7.3, EPSS 0.00209
Exploits 0

Tenable Nessus
added 2025/06/03 12:0 a.m., 10 views

RHEL 8 : python36:3.6 (RHSA-2025:8419)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8419 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 8.1, AI score 6.3, EPSS 0.0017
Exploits 0, References 5

vulnersOsv
added 2025/05/28 9:34 a.m., 2 views

airunner (>=3.0.0 <=3.1.7), athina (>=1.7.0 <=1.7.39) +29 more potentially affected by CVE-2025-1753 via llama-index-cli (>=0.1.13 <=0.4.0)

llama-index-cli PYPI version =0.1.13, =3.0.0, =1.7.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =1.0.9, =1.0.3.post1, =0.1.2, =0.1.7.dev20240924104148, =0.11.0, =0.11.23 - llama-index-callbacks-honeyhive =0.2.0 - llama-index-collection =0.2.0 and more Source cves: CVE-2025-1753 Source advisory:...

CVSS 7.8, AI score 7, EPSS 0.00112
Exploits 1

Tenable Nessus
added 2025/05/27 12:0 a.m., 33 views

ABB M2M Gateway TLS Handshake bypass in embedded Python (CVE-2023-40217)

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

CVSS 5.3, AI score 7.2, EPSS 0.00581
Exploits 0, References 8

OPENSUSE Linux
added 2025/05/27 12:0 a.m., 3 views

python312-3.12.10-4.1 on GA media (moderate)

python312-3.12.10-4.1 on GA media Announcement ID: openSUSE-SU-2025:15163-1 Rating: moderate Cross-References: CVE-2025-4516 CVSS scores: CVE-2025-4516 SUSE : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-4516 SUSE : 5.9...

CVSS 5.9, AI score 7.3, EPSS 0.00209
Exploits 0

RedhatCVE
added 2025/05/23 3:53 a.m., 2 views

CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

CVSS 5.5, AI score 7.3, EPSS 0.00089
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:50 p.m., 6 views

CVE-2022-25024

The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service...

CVSS 7.5, AI score 6.8, EPSS 0.00134
Exploits 1, References 1

RedhatCVE
added 2025/05/22 9:35 p.m., 5 views

CVE-2021-43572

The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVSS 9.8, AI score 6.9, EPSS 0.00241
Exploits 1