795 matches found

Mageia
added 2025/11/13 11:37 p.m., 3 views

Updated python-py packages fix security vulnerability

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...

CVSS 7.5, AI score 7, EPSS 0.00131
Exploits 1, References 3

OSV
added 2025/11/13 5:36 p.m., 3 views

CLSA-2025-1763054281 python: Fix of CVE-2025-8194

CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs...

CVSS 7.5, AI score 6.9, EPSS 0.01007
Exploits 0, References 1

OSV
added 2025/11/12 8:55 p.m., 2 views

CLSA-2025-1762980908 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data")...

CVSS 9.4, AI score 6.8, EPSS 0.01012
Exploits 14, References 1

OSV
added 2025/11/12 2:48 p.m., 4 views

CLSA-2025-1762958892 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data")...

CVSS 9.4, AI score 6.7, EPSS 0.01012
Exploits 14, References 1

OSV
added 2025/11/12 2:44 p.m., 4 views

CLSA-2025-1762958654 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data")...

CVSS 9.4, AI score 6.8, EPSS 0.01012
Exploits 14, References 1

CNNVD
added 2025/11/12 12:00 a.m., 2 views

kdcproxy security vulnerability

kdcproxy is a Python library open-sourced by latchset. A security vulnerability exists in kdcproxy that stems from not enforcing TCP response length bounds, which could lead to a denial of service attack...

CVSS 5.9, AI score 6.2, EPSS 0.00086
Exploits 0, References 9

Tenable Nessus
added 2025/11/07 12:00 a.m., 3 views

Python Library Brotli <= 1.1.0 DoS

The detected version of the Brotli Python package, Brotli, is prior or equal to 1.1.0. It is, therefore, affected by a denial of service (DoS) vulnerability due to decompression. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

CVSS 7.5, AI score 7.2, EPSS 0.00034
Exploits 0, References 2

vulnersOsv
added 2025/11/05 3:47 p.m., 0 views

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1439 more potentially affected by CVE-2025-64459 via django (>=5.2.0 <=5.2.7)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-64459 Source advisory: SNYK:PYTHON-DJANGO-13836728...

CVSS 9.1, AI score 7.4, EPSS 0.00282
Exploits 10

vulnersOsv
added 2025/11/04 1:47 p.m., 6 views

ailite (>=6.0.0 <=6.1.10), automatic-goggles (>=0.1.0 <=0.8.0) +35 more potentially affected by CVE-2025-12695 via dspy (>=0.1.5 <=3.1.0)

dspy PYPI version =0.1.5, =6.0.0, =0.1.0, =2.5.5, =0.1.0, =2.8.0, =0.2.1, =0.1.6.dev17, =0.2.0, =0.2.5 and more Source cves: CVE-2025-12695 Source advisory: SNYK:PYTHON-DSPY-13832222...

CVSS 5.9, AI score 5.4, EPSS 0.00011
Exploits 0

vulnersOsv
added 2025/10/28 10:41 p.m., 5 views

aenvironment (=0.1.7rc1), agentic-ai-engineering-course (>=0.4.6 <=0.4.7) +178 more potentially affected by CVE-2025-62801 via fastmcp (>=2.0.0 <=2.13.0)

fastmcp PYPI version =2.0.0, =0.4.6, =1.8.0, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =0.1.12, =0.9.30, =0.14.3, =0.18.5 and more Source cves: CVE-2025-62801 Source advisory: SNYK:PYTHON-FASTMCP-13745516...

CVSS 7.8, AI score 5.4, EPSS 0.00049
Exploits 1

Tenable Nessus
added 2025/10/28 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE...

CVSS 6.5, AI score 5.7, EPSS 0.00137
Exploits 1, References 2

Fedora
added 2025/10/25 9:19 p.m., 5 views

[SECURITY] Fedora 43 Update: python3.10-3.10.19-1.fc43

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...

AI score 7.2
Exploits 0

Packet Storm News
added 2025/10/23 12:00 a.m., 3 views

Impacket 0.13.0

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols (e.g. SMB1-3 and MSRPC), the protocol implementation itself. Packets can be constructed from scratch, as well as parse...

AI score 6.8
Exploits 0

OSV
added 2025/10/20 5:56 p.m., 2 views

CLSA-2025-1760983006 python3: Fix of CVE-2025-8194

Bump package Release to 21.0.5 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative...

CVSS 7.5, AI score 7.1, EPSS 0.01007
Exploits 0, References 1

OSV
added 2025/10/20 12:41 p.m., 1 views

USN-7828-1 python-ldap vulnerabilities

It was discovered that Python LDAP incorrectly handled special characters in the special character filtering function. A remote attacker could possibly use this issue to perform LDAP injection attacks. (CVE-2025-61911) Arad Inbar discovered that Python LDAP incorrectly escaped NUL character bytes. ...

CVSS 6.9, AI score 6.7, EPSS 0.00142
Exploits 2, References 3

OPENSUSE Linux
added 2025/10/15 12:00 a.m., 6 views

python311-Authlib-1.6.5-1.1 on GA media (moderate)

python311-Authlib-1.6.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15629-1 Rating: moderate Cross-References: CVE-2025-61920 CVSS scores: CVE-2025-61920 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-61920 SUSE : 8.7...

CVSS 8.7, AI score 7.2, EPSS 0.00424
Exploits 1

NVD
added 2025/10/10 10:15 p.m., 3 views

CVE-2025-61911

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and t...

CVSS 6.9, EPSS 0.00039
Exploits 1, References 3

Cvelist
added 2025/10/10 10:04 p.m., 12 views

CVE-2025-61912 python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...

CVSS 6.9, EPSS 0.00142
Exploits 1, References 3

Vulnrichment
added 2025/10/10 10:02 p.m., 2 views

CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and t...

CVSS 6.9, AI score 6.6, EPSS 0.00039
Exploits 1, References 3

Tenable Nessus
added 2025/10/10 12:00 a.m., 2 views

SUSE SLES15 / openSUSE 15 Security Update : python-xmltodict (SUSE-SU-2025:03511-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03511-1 advisory. - CVE-2025-9375: XML injection vulnerability in xmltodict allows input data manipulation (bsc#1249036). Tenable has extracted th...

CVSS 6.9, AI score 5.5, EPSS 0.00142
Exploits 0, References 4