211 matches found
OPENSUSE-SU-2026:20865-1 Security update for python-uv
This update for python-uv fixes the following issues: - CVE-2026-31812: quinn-proto: denial of service via crafted QUIC initial packet bsc1259624. - CVE-2026-32766: astral-tokio-tar: malformed PAX extensions can lead to archive misinterpretation bsc1259966...
EUVD-2026-33523
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
CVE-2026-10201
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
DEBIAN-CVE-2026-10201
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
UBUNTU-CVE-2026-10201
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
Division by zero
Overview Affected versions of this package are vulnerable to Division by zero in the WriteObjects function of the UV Channel Handler component. An attacker can cause a denial of service by providing crafted input that triggers a divide by zero condition during local processing. Remediation There ...
CVE-2026-10201 Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
CVE-2026-10201
Assimp up to 6.0.4 contains a vulnerability in FBXExporter::WriteObjects (FBXExporter.cpp) within the UV Channel Handler. A manipulation can trigger a divide-by-zero error when processing FBX data, requiring local access to exploit. Public disclosure of the exploit is noted, and applying a patch ...
CVE-2026-10201 Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
CVE-2026-10201
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
CVE-2026-10201 Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
uv is vulnerable to arbitrary file write through entry point names
Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...
edgetest (>=2026.4.0 <=2026.5.0), r7-surcom-sdk (>=0.12.15 <=0.14.16) +1 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.10.7)
uv PYPI version =0.10.0, =2026.4.0, =0.12.15, =3.10.18, =3.10.21 Source cves: unknown CVE Source advisory: OSV:GHSA-4GG8-GXPX-9RPH...
GHSA-4GG8-GXPX-9RPH uv is vulnerable to arbitrary file write through entry point names
Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...
PT-2026-47548
Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under console scripts or gui scripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...
[SECURITY] Fedora 43 Update: uv-0.11.15-1.fc43
An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...
Fedora 43 : python-uv-build / rust-astral-tokio-tar / etc (2026-f8487121bd)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f8487121bd advisory. Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph. Tenable has extracted the preceding description block directly...
Fedora 44 : python-uv-build / rust-astral-tokio-tar / etc (2026-0b1aaac651)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-0b1aaac651 advisory. Update uv and python-uv-build to 0.11.5, fixing GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph. Tenable has extracted the preceding description block directly...
Astra Linux – Vulnerability in libuv1
Node.js versions prior to 16.4.1, 14.17.2, and 12.22.2 are vulnerable to an out-of-bounds read when the uvidnatoascii function is used to convert strings to ASCII. The pointer p is read and incremented without checking whether it lies beyond pe, where pe holds a pointer to the end of the buffer...
Fedora 45 : python-uv-build / rust-astral_async_http_range_reader / etc (2026-588c639071)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-588c639071 advisory. Update uv and python-uv-build to 0.11.5, fixing ee GHSA-3cv2-h65g-fgmm and GHSA-4gg8-gxpx-9rph. Tenable has extracted the preceding description block directl...