19 matches found
RockyLinux 9 : python-jwcrypto (RLSA-2026:19197)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19197 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding descripti...
Oracle Linux 10 : python-urllib3 (ELSA-2026-1086)
The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-1086 advisory. - Security fix for CVE-2025-66471 - Security fix for CVE-2025-66418 Tenable has extracted the preceding description block directly from the Oracle Lin...
MiracleLinux 8 : python-dns-1.15.0-12.el8 (AXSA:2024-8211:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8211:01 advisory. dnspython: denial of service in stub resolver CVE-2023-29483 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : python-requests-2.20.0-3.el8 (AXSA:2023-6324:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6324:02 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : python-psutil-5.4.3-11.el8 (AXSA:2021-2727:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2727:01 advisory. python-psutil: double free because of refcount mishandling CVE-2019-18874 Tenable has extracted the preceding description block directly from the MiracleLinu...
MiracleLinux 8 : python-jinja2-2.10.1-6.el8_10 (AXSA:2025-9599:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9599:02 advisory. jinja2: Jinja has a sandbox breakout through indirect reference to format method CVE-2024-56326 Tenable has extracted the preceding description block directl...
Fedora 42 : python3-docs / python3.13 (2025-47cf891973)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-47cf891973 advisory. Update to 3.13.5, this release fixes the following CVEs: CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, and CVE-2025-4517 Tenable has extracted...
SUSE SLES12 Security Update : python3-requests (SUSE-SU-2025:01997-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:01997-1 advisory. - CVE-2024-47081: fixes netrc credential leak bsc1244039. Tenable has extracted the preceding description block directly from the SUSE security...
SUSE-SU-2025:01877-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler bsc1243273...
Medium: python3
Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "source venv/bin/activate"). This means...
Photon OS 5.0: Python3 PHSA-2025-5.0-0462
An update of the python3 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0462. The text itself is copyright (C) VMware, Inc.
Low: python3
Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...
Medium: python3
Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats" and "get_ca_certs". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...
Important: python3-jinja2
Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Medium: python3-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...
Fedora 37 : python3-docs / python3.11 (2022-a9a4c48d06)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-a9a4c48d06 advisory. The final release of Python 3.11.0. Contains security fix for CVE-2022-42919. Tenable has extracted the preceding description block directly from th...
Medium: python3
Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...
SUSE-SU-2020:0114-1 Security update for python3
This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk bsc1083507. - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ bsc1149955. - CVE-2019-15903: Fixed a heap-based buffer over-read i...
OPENSUSE-SU-2019:1282-1 Security update for python3
This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization bsc1129346. This update was imported from the SUSE:SLE-15:Update update project...