RHSA-2026:18957 Red Hat Security Advisory: python3.11 security update

Bulletin has no description...

RHSA-2026:18958 Red Hat Security Advisory: python3.12 security update

Bulletin has no description...

RHSA-2026:18693 Red Hat Security Advisory: python3.9 security update

Bulletin has no description...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

vulnscan

VulnScan — Automatic Vulnerability Scanner Kali Linux Edit...

Astra Linux - уязвимость в python2.7, python3.11, python3.7

When constructing nested elements using XMLDom.minidom methods like appendChild, which rely on clearidcache, the algorithm has a quadratic complexity. This can affect the availability of documents when they are constructed with excessively nested structures...

Astra Linux - уязвимость в python3.11

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL’s media type...

Astra Linux - уязвимость в python-jwcrypto

JWCrypto implements the JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker could cause a denial-of-service attack by passing in a malicious JWE Token with a high compression ratio. When the server processed this token, it would consume a lot of memory...

Astra Linux - уязвимость в python-urllib3

The urllib3 library before version 1.24.2 in Python mishandles certain cases where the desired set of CA certificates differs from the CA certificates stored in the operating system’s store. As a result, SSL connections succeed in situations where a verification failure would be the correct...

Astra Linux - уязвимость в python3.11, python2.7, python3.7, pypy

The email module in Python, as of version 3.11.3, incorrectly parses email addresses that contain special characters. The incorrect portion of the RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism by allowing access to...

Astra Linux - уязвимость в python-psutil

psutil also known as python-psutil from version 5.6.5 onwards may have a double-free issue. This issue occurs due to improper handling of reference counts within a while loop or for loop, which converts system data into a Python object...

Astra Linux - уязвимость в python-urllib3

urllib3 is a user-friendly HTTP client library for Python. urllib3 does not treat the Cookie HTTP header specially or provides any helpers for managing cookies over HTTP; that responsibility lies with the user. However, it is possible for a user to specify a Cookie header, and information may be...

Astra Linux - уязвимость в pypy, jython

The documentation XML-RPC server in Python, from versions 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4, has XSS vulnerabilities due to the servertitle field. This issue occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If the setservertitle function ...

Astra Linux - уязвимость в python3.7

The readints function in plistlib.py in Python from version 3.9.1 is vulnerable to a potential Distributed Denial-of-Service DoS attack due to CPU and RAM exhaustion when processing malformed Apple Property List files in binary format...

Astra Linux - уязвимость в python-cryptography

In the cryptography package for Python before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could lead to integer overflows and buffer overflows, as demonstrated by the Fernet class...