13 matches found
EulerOS Virtualization 2.10.0 : python-pip (EulerOS-SA-2026-1564)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn'...
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade to this version or higher. Workarounds: Avoid using InMemoryVectorSto...
EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-1226)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP...
EUVD-2025-30961
Malicious code in bioql PyPI...
BIT-PIP-2025-8869 Fallback tar extraction in pip doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
CVE-2025-8869 Fallback tar extraction in pip doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' due to a type confusion bug in the CPython interpreter. An attacker can bypass security restrictions by exploiting the try/except clauses. This is only exploitable if the...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4shell4shell Log4j - Multitool. Find & fix possible CVE...
fence-agents security and bug fix update
4.2.1-41.2 - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz1850114 4.2.1-41.1 - fence_lpar: fix issue with long username, hostname, etc not working when the command run by the agent exceeds 80 characters - fence_evacuate: enable evacuation of instances using private flavors...
PT-2020-6971 · Python +7
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.9.2 Description: The issue is related to the read ints function in the plistlib.py component of the Python interpreter, which is vulnerable to uncontrolled resource consumption. This can be exploited by a remote...
Web Cache Poisoning
Amendment This was deemed not a vulnerability. Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Web Cache Poisoning. The root cause of this vulnerability was determined to be a...
Fedora 16 : cumin-0.1.5522-4.fc16 (2012-17854)
Latest build adds a missing dependency on python-saslwrapper and missing upgrade scripts in addition to a patch for BZ842286. The previous version of the spec file did not install cumin-report and was missing a dependency on pymongo. This release contains many bug fixes logged against Cumin in RH...
PyCrypto: Execution of arbitrary code
Background PyCrypto is the Python Cryptography Toolkit. Description Mike Wiacek of the Google Security Team reported a buffer overflow in the ARC2 module when processing a large ARC2 key length. Impact A remote attacker could entice a user or automated system to decrypt an ARC2 stream in an...