Lucene search
K

13 matches found

OSV
OSV
added 2026/05/17 12:53 a.m.11 views

CLSA-2026-1778979189 Fix CVE(s): CVE-2024-6232, CVE-2024-7592, CVE-2024-9287

SECURITY UPDATE: ReDoS in tarfile PAX header parsing - debian/patches/CVE-2024-6232.patch: rewrite Lib/tarfile.py PAX-record parser to scan length-prefixed records via a bounded regex headerlengthprefixre plus direct slicing, eliminating quadratic backtracking in three pre-existing regexes. Adapt...

7.8CVSS5.8AI score0.02303EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.13 views

TencentOS Server 3: python39:3.9 (TSSA-2025:1001)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1001 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.4CVSS8AI score0.01499EPSS
Exploits14References13
OSV
OSV
added 2025/11/12 9:29 p.m.7 views

MGASA-2025-0280 Updated python3 packages fix security vulnerabilities

URL parser allowed square brackets in domain names. CVE-2025-0938 Mishandling of comma during folding and unicode-encoding of email headers. CVE-2025-1795 Virtual environment venv activation scripts don't quote paths. CVE-2024-9287 Use-after-free in "unicodeescape" decoder with error handler...

9.4CVSS6.9AI score0.01499EPSS
Exploits14References10
OSV
OSV
added 2025/10/31 2:13 p.m.6 views

OESA-2025-2574 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

7.8CVSS6.6AI score0.00647EPSS
Exploits0References3
OSV
OSV
added 2025/05/21 7:7 p.m.5 views

CLSA-2025-1747854434 Fix CVE(s): CVE-2024-9287

SECURITY UPDATE: Path names provided when creating a virtual environment were not quoted properly - debian/patches/CVE-2024-9287.patch: Quote template strings in venv activation - CVE-2024-9287...

7.8CVSS6.7AI score0.00647EPSS
Exploits0References1
OSV
OSV
added 2025/03/17 8:16 p.m.12 views

RLSA-2024:11111 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS7.8AI score0.00647EPSS
Exploits0References2
Amazon
Amazon
added 2025/03/06 12:0 a.m.6 views

Medium: python3.11

Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...

7.8CVSS7.7AI score0.01499EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: python3.12

Issue Overview: Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the...

8.7CVSS7.9AI score0.0188EPSS
Exploits0
OSV
OSV
added 2024/12/18 5:43 p.m.6 views

CLSA-2024-1734543773 python3: Fix of CVE-2024-9287

CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...

7.8CVSS6.8AI score0.00647EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/12/18 12:0 a.m.11 views

RHEL 9 : python3.11 (RHSA-2024:11111)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11111 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

7.8CVSS7AI score0.00647EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/12/18 12:0 a.m.16 views

AlmaLinux 8 : python3.12 (ALSA-2024:10980)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10980 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Unbounded memory buffering in...

8.7CVSS7.4AI score0.0188EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/12/12 12:0 a.m.18 views

Fedora 40 : python3.9 (2024-607a0047bc)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-607a0047bc advisory. Python 3.9.21 security release. Security content in this release -------------------------------- - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to...

7.8CVSS7AI score0.00647EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/05 12:0 a.m.18 views

AlmaLinux 8 : python3:3.6.8 (ALSA-2024:10779)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10779 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Improper validation of IPv6 and IPvFuture addresses...

7.8CVSS6.8AI score0.0067EPSS
Exploits0References4
Rows per page
Query Builder