RLSA-2023:7034 Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python38:3.8 and python38-devel:3.8 security update
An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python3x-setuptools, module.python-wcwidth, module.python-ply, python-psycopg2, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy,...
python39:3.9 and python39-devel:3.9 security update
An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python-iniconfig, module.python-wcwidth, module.python-ply, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy, module.python-attrs...
Malicious code in polyutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
OPENSUSE-SU-2026:10216-1 python311-asgiref-3.11.1-1.1 on GA media
These are all security issues fixed in the python311-asgiref-3.11.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-41683
Name of the Vulnerable Software and Affected Versions ChromaDB versions 1.0.0 through 1.5.8 Description A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated remote attacker can execute arbitrary code on the server by sending a request to the...
Python Email Header Injection Mitigation Tester
This tool demonstrates how modern Python's email library EmailMessage with policy.default effectively prevents email header injection attacks. By rejecting newline and carriage return characters in header values, the library enforces RFC 5322 compliance and blocks classic injection attempts such ...
Python 3 Minidom Denial of Service
This proof of concept demonstrates an algorithmic denial of service condition caused by parsing an XML document containing an extremely large number of attributes using Python's xml.dom.minidom library. Due to inefficient attribute handling with quadratic time complexity, the XML parser may consu...
RockyLinux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:7050)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7050 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...
RockyLinux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2023:7034)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7034 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...
Ubuntu: Security Advisory (USN-8032-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2026:20335-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
python311-pip-26.0.1-1.1 on GA media (moderate)
python311-pip-26.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10210-1 Rating: moderate Cross-References: CVE-2026-1703 CVSS scores: CVE-2026-1703 SUSE : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2026-1703 SUSE : 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
Important: Red Hat Security Advisory: Satellite 6.17.6.3 Async Update
A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs...
Malicious code in cicibot-fix-message-naming (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7fb20d1d9da8ede0270346034bb6fdca56ef578e35a73b4cb0301664ab4a27ab Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Exploit for CVE-2025-4138
CVE-2025-4138 Python Tarfile module Directory Traversal Vulne...
aiohttp: AIOHTTP HTTP Request/Response Smuggling
A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...
SUSE-SU-2026:0563-1 Security update for protobuf
This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173)...
SUSE-SU-2026:20447-1 Security update for python-pyasn1
This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902)...