58385 matches found
CVE-2025-13911
CVE-2025-13911 affects Inductive Automation Ignition SCADA, where Python scripting is used for automation. The root cause is insufficient controls on which Python libraries can be imported/executed within the scripting environment, paired with an Ignition service account that has system-level Win...
CVE-2025-13911 Inductive Automation Ignition Execution with Unnecessary Privileges
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...
CVE-2025-13911 Inductive Automation Ignition Execution with Unnecessary Privileges
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...
EUVD-2025-204391
Malicious code in f5rest PyPI...
MAL-2025-192609 Malicious code in f5rest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f8084e3c4c369a7dc22b67657aa22f3faf8e9b98df2721c9ff4e4c17d36fe028 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2025-204392
Malicious code in f5-logger PyPI...
Malicious code in f5-logger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc7c52cb0573811c8391ab93a1a04c99826ebc3fffb98aa82cfe8deb4e58fc1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-192608 Malicious code in f5-logger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc7c52cb0573811c8391ab93a1a04c99826ebc3fffb98aa82cfe8deb4e58fc1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bigip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 87f7e50e3df233ffefcde85171a87ec41d45bbb3d3fb7fbc6da742e9e95b6bb1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2025-204393
Malicious code in bigip PyPI...
SUSE-SU-2025:4487-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled bsc1252974. - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory EOCD record...
python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
A vulnerability was found in Python/CPython that does not disallow configuring an empty list "" for SSLContext.setnpnprotocols, which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information...
python: Quadratic complexity in os.path.expandvars() with user-controlled template
A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...
cpython: Python HTMLParser quadratic complexity
A denial-of-service DoS vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource...
Moderate: Red Hat Security Advisory: python3.9 security update
An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked
A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439 BDSA-2024-9026 Other...
SUSE-SU-2025:4478-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: - CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 - CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 - Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439 BDSA-2024-90...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439 BDSA-2024-9026 Other...