python security update

2.7.5-94.0.7 - Fix for CVE-2026-4519 Orabug: 39243798...

RHCOS 9 : OpenShift Container Platform 4.12.41 (RHSA-2023:6128)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6128 advisory. - python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds CVE-2023-5625 Note that Nessus has not tested for this issue bu...

RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

OPENSUSE-SU-2026:10681-1 python311-social-auth-core-4.8.7-1.1 on GA media

These are all security issues fixed in the python311-social-auth-core-4.8.7-1.1 package on the GA media of openSUSE Tumbleweed...

sshprank 1.7.0

sshprank is a fast SSH mass-scanner, login cracker, and banner grabber tool using the python-masscan and shodan modules...

PT-2026-36904

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...

PT-2026-36887

Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...

OPENSUSE-SU-2026:10680-1 python311-django-allauth-65.16.1-2.1 on GA media

These are all security issues fixed in the python311-django-allauth-65.16.1-2.1 package on the GA media of openSUSE Tumbleweed...

PPTAgent 安全漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent 418491a contained security vulnerabilities. These vulnerabilities stemmed from issues with the Python eval function when executing code generated by LLM,...

RHCOS 9 : OpenShift Container Platform 4.15.39 (RHSA-2024:10145)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10145 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

RHCOS 9 : OpenShift Container Platform 4.15.30 (RHSA-2024:6016)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6016 advisory. - python-werkzeug: user may execute code on a developer's machine CVE-2024-34069 Note that Nessus has not tested for this issue but has inste...

RHCOS 9 : OpenShift Container Platform 4.13.54 (RHSA-2024:10815)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10815 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

Astra Linux - уязвимость в python-ldap

Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars could be exploited to skip escaping special characters when a crafted list or dict was provided as the assertionvalue parameter, and...

Astra Linux - уязвимость в python-py

A denial of service attack via regular expressions in the py.path.svnwc component of py also known as python-py in versions up to 1.9.0 could be exploited by attackers to trigger a compute-time denial of service attack by providing malicious input to the blame functionality...

Astra Linux - уязвимость в python-tornado

A vulnerability in Tornado versions 6.3.1 and earlier allows a remote, unauthenticated attacker to redirect a user to an arbitrary web site and carry out a phishing attack by causing the user to access a specially crafted URL...

Astra Linux - уязвимость в python-urllib3

urllib3 is a user-friendly HTTP client library for Python. Prior to version 2.5.0, it was possible to disable redirections for all requests by instantiating a PoolManager and specifying retries in a way that disables redirections. By default, requests and botocore users are not affected. An...

Astra Linux - уязвимость в python-pip

When extracting a tar archive, pip may not check symbolic links pointing into the extraction directory if the tarfile module does not implement PEP 706. Note that upgrading pip to a “fixed” version does not fix all vulnerabilities that are mitigated by using a Python version that implements PEP...

Astra Linux - уязвимость в pypdf2

pypdf is a pure-Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who exploits this vulnerability can create a PDF that results in unexpected long execution times. This quadratic execution time blocks the current process and can even...

Astra Linux - уязвимость в python2.7, python3.7

A flaw was discovered in Python, specifically in the FTP File Transfer Protocol client library when operating in PASV passive mode. The issue arises from how the FTP client defaults to trusting the host based on the PASV response. This flaw allows an attacker to create a malicious FTP server that...

Astra Linux - уязвимость в python-httplib2

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server that responded with a long series of "\xa0" characters in the “www-authenticate” header could cause a Denial of Service attack, resulting in excessive CPU usage during header parsing ...