614 matches found

Tenable Nessus
added 2025/03/11 12:0 a.m. | 4 views

SUSE SLES12 Security Update : python (SUSE-SU-2025:0814-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0814-1 advisory. - Reference to no longer used 'bracketed_host' variable in the fix for CVE-2025-0938 bsc1236705, bsc1223694. Tenable has extracted the preceding...

CVSS 6.3 | AI score 6.7 | EPSS 0.01639
Exploits: 0 | References: 5
Tenable Nessus
added 2025/03/04 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-28861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which m...

CVSS 7.4 | AI score 7 | EPSS 0.01395
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in...

CVSS 5.9 | AI score 5.9 | EPSS 0.00161
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2013-2099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of...

CVSS 4.3 | AI score 7 | EPSS 0.02979
Exploits: 0 | References: 3
OSV
added 2025/03/03 8:5 p.m. | 7 views

GHSA-655Q-FX9R-782V Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

CVE-2025-1716 Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited to run pip install and fetch a malicious package, enabling remote cod...

CVSS 5.3 | AI score 8.1 | EPSS 0.16248
Exploits: 4 | References: 6
Tenable Nessus
added 2025/03/01 12:0 a.m. | 6 views

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2025:0756-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0756-1 advisory. - Reference to no longer used 'bracketed_host' variable in the fix for CVE-2025-0938 bsc1236705, bsc1223694. Tenable has extracted the...

CVSS 6.3 | AI score 6.7 | EPSS 0.01639
Exploits: 0 | References: 5
Tenable Nessus
added 2025/02/26 12:0 a.m. | 7 views

Amazon Linux 2 : python3 (ALAS-2025-2766)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2766 advisory. A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods...

CVSS 7.4 | AI score 6.8 | EPSS 0.00395
Exploits: 0 | References: 4
Tenable Nessus
added 2025/02/21 12:0 a.m. | 5 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Python vulnerability (USN-7280-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7280-1 advisory. It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could...

CVSS 6.3 | AI score 6.8 | EPSS 0.01639
Exploits: 0 | References: 2
OSV
added 2025/02/20 5:54 p.m. | 1 views

USN-7280-1 python3.10, python3.12, python3.8 vulnerability

It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

CVSS 6.3 | AI score 6.8 | EPSS 0.01639
Exploits: 0 | References: 2
Ubuntu
added 2025/02/20 5:54 p.m. | 90 views

USN-7280-1: Python vulnerability

It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...

CVSS 6.3 | AI score 6.8 | EPSS 0.01639
Exploits: 0
GithubExploit
added 2025/02/19 4:0 p.m. | 255 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

CVE-2025-0108 - PAN-OS PoC SCRIPT /!\ Disclaimer: This...

CVSS 9.1 | AI score 7.5 | EPSS 0.94115
Exploits: 8
Tenable Nessus
added 2025/02/19 12:0 a.m. | 6 views

SUSE SLES12 Security Update : python (SUSE-SU-2025:0553-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0553-1 advisory. - CVE-2025-0938: functions urllib.parse.urlsplit and urlparse accept domain names including square brackets bsc1236705. Tenable has extracted the...

CVSS 6.3 | AI score 6.7 | EPSS 0.01639
Exploits: 0 | References: 4
OpenVAS
added 2025/02/18 12:0 a.m. | 9 views

Python Untrusted Search Path Vulnerability (Feb 2025) - Windows

Python is prone to an untrusted search path vulnerability in the mimetypes standard library. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

CVSS 2.3 | AI score 5 | EPSS 0.0022
Exploits: 0 | References: 4
Tenable Nessus
added 2025/02/17 12:0 a.m. | 10 views

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2025:0514-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0514-1 advisory. - CVE-2025-0938: functions urllib.parse.urlsplit and urlparse accept domain names including square brackets bsc1236705. Tenable has...

CVSS 6.3 | AI score 6.7 | EPSS 0.01639
Exploits: 0 | References: 4
F5 Networks
added 2025/02/14 1:7 a.m. | 7 views

K000149798: Python vulnerability CVE-2023-27043

Security Advisory Description The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in...

CVSS 5.3 | AI score 6.8 | EPSS 0.00161
Exploits: 1
Redos
added 2025/02/13 12:0 a.m. | 6 views

ROS-20250212-14

The vulnerability of the mkdtemp function of the Python programming language interpreter is related to the problem of introducing an argument. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

CVSS 4.8 | AI score 5.8 | EPSS 0.00108
Exploits: 0
F5 Networks
added 2025/02/12 12:46 a.m. | 6 views

K000149757: Python vulnerability CVE-2022-0391

Security Advisory Description A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the U...

CVSS 7.5 | AI score 7.1 | EPSS 0.01214
Exploits: 1
Redos
added 2025/02/12 12:0 a.m. | 77 views

ROS-20250212-03

A vulnerability in the cpython module of the Python programming language is related to improper input validation in the venv module when creating a virtual environment. Exploitation of the vulnerability allows an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.8 | EPSS 0.00061
Exploits: 0
F5 Networks
added 2025/02/11 11:40 p.m. | 11 views

K000149756: Python vulnerability CVE-2024-9287

Security Advisory Description A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts i.e. "source...

CVSS 7.8 | AI score 7.8 | EPSS 0.00061
Exploits: 0 | Affected Software: 35
OPENSUSE Linux
added 2025/02/10 12:0 a.m. | 3 views

python313-3.13.2-1.1 on GA media (moderate)

python313-3.13.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14760-1 Rating: moderate Cross-References: CVE-2025-0938 CVSS scores: CVE-2025-0938 SUSE : 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2025-0938 SUSE : 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N...

CVSS 6.3 | AI score 7.7 | EPSS 0.01639
Exploits: 0