[SECURITY] Fedora 44 Update: python3.12-3.12.13-1.fc44

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

Fedora 43 : python3.12 (2026-ac5dd35f2d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ac5dd35f2d advisory. Update to 3.12.13 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

SUSE SLES12 Security Update : python36 (SUSE-SU-2026:0884-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0884-1 advisory. - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181. Tenable has extracted the...

TencentOS Server 4: python3.11 (TSSA-2026:0141)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0141 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20348-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20348-1 advisory. Changes in python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter bsc1259404 - Update sources with osc run...

RockyLinux 8 : python3.11 (RLSA-2026:4473)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4473 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

AlmaLinux 9 : python3.9 (ALSA-2026:4168)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4168 advisory. cpython: IMAP command injection in user-controlled commands CVE-2025-15366 cpython: POP3 command injection in user-controlled commands CVE-2025-15367...

Fedora 42 : python3.12 (2026-3ebfc12a16)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3ebfc12a16 advisory. Update to 3.12.13 ---- Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367 Tenable has extracted the preceding...

openSUSE 16 Security Update : python-lxml_html_clean (openSUSE-SU-2026:20345-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20345-1 advisory. Changes in python-lxmlhtmlclean: - CVE-2026-28348: improper keywords checking can allow external CSS loading bsc1259378 - CVE-2026-28350: lack o...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : python-cryptography vulnerability (USN-8087-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8087-1 advisory. It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to...

Linux Distros Unpatched Vulnerability : CVE-2026-32274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. Th...

OPENSUSE-SU-2026:10333-1 python311-multipart-1.3.1-1.1 on GA media

These are all security issues fixed in the python311-multipart-1.3.1-1.1 package on the GA media of openSUSE Tumbleweed...

Fedora: Security Advisory (FEDORA-2026-ac5dd35f2d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AlmaLinux 9 : python3.11 (ALSA-2026:4216)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4216 advisory. cpython: IMAP command injection in user-controlled commands CVE-2025-15366 cpython: POP3 command injection in user-controlled commands CVE-2025-15367...

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2026:0873-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0873-1 advisory. This update for python fixes the following issue: - CVE-2026-1299: header injection when an email is serialized due to improper newline...

AlmaLinux 8 : python3.12 (ALSA-2026:4463)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4463 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

openSUSE 15 Security Update : python-maturin (SUSE-SU-2026:0860-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0860-1 advisory. This update for python-maturin fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stac...

SUSE SLES15 Security Update : python-aiohttp (SUSE-SU-2026:0859-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0859-1 advisory. - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal...

openSUSE Security Advisory (SUSE-SU-2026:0860-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...