Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2628)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2025-2630)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers...

EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2025-2616)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers...

GHSA-95QG-89C2-W5HJ theshit vulnerable to unsafe loading of user-owned Python rules when running as root

Impact Vulnerability Type: Local Privilege Escalation LPE / Arbitrary Code Execution. The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the...

theshit vulnerable to unsafe loading of user-owned Python rules when running as root

Impact Vulnerability Type: Local Privilege Escalation LPE / Arbitrary Code Execution. The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the...

CVE-2025-69257 theshit vulnerable to unsafe loading of user-owned Python rules when running as root.

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...

CVE-2025-69257 theshit vulnerable to unsafe loading of user-owned Python rules when running as root.

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...

Security Bulletin: IBM Storage Ceph is vulnerable to Time-of-check Time-of-use in python-waitress (CVE-2024-49768)

Summary python-waitress is used by IBM Storage Ceph. CVE-2024-49768 Vulnerability Details CVEID:CVE-2024-49768 DESCRIPTION: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a...

EUVD-2025-205780

Picklescan is vulnerable to RCE via missing detection when calling built-in python operator.attrgetter...

EUVD-2025-205779

Picklescan is vulnerable to RCE via missing detection when calling built-in python operator.methodcaller...

GHSA-955R-X9J8-7RHH Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling to operator.methodcaller function in reduce method - Then when...

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getlincoef function. An attacker can execute arbitrary code by crafting a malicious pickle file that...

OESA-2025-2888 python-requests security update

Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...

OESA-2025-2869 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

RUSTSEC-2025-0139 theshit vulnerable to unsafe loading of user-owned Python rules when running as root

The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues...

theshit vulnerable to unsafe loading of user-owned Python rules when running as root

The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues...

EUVD-2025-205702

Malicious code in rippling-cli PyPI...

Malicious code in rippling-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bac12bb851f49ac4801addcf6964c854abe90430140d3e75e4eefcd4c7cf1bf0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

[SECURITY] [DLA 4425-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4425-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb December 29, 2025 https://wiki.debian.org/LTS -...

Debian: Security Advisory (DLA-4425-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...