Lucene search
K

28 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Oracle Linux 9 : python3.14 (ELSA-2026-19176)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19176 advisory. - Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100 Resolves: RHEL-167918, RHEL-168160 - Security fixes for CVE-2026-2297,...

9.1CVSS7AI score0.00621EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/05/19 6:28 p.m.20 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/03 12:0 a.m.7 views

MiracleLinux 8 : python3.12-3.12.13-2.el8_10 (AXSA:2026-523:13)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-523:13 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-593...

9.1CVSS7.7AI score0.01279EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.12 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1618)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1618 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.8 views

AlmaLinux 8 : python3.12 (ALSA-2026:10950)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:10950 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

9.1CVSS7AI score0.01279EPSS
Exploits1References13
OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.9 views

SUSE: Security Advisory (SUSE-SU-2026:1107-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.01525EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.7 views

openSUSE Security Advisory (SUSE-SU-2026:1062-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.01525EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.7 views

SUSE: Security Advisory (SUSE-SU-2026:1117-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.01525EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2026/03/30 12:0 a.m.6 views

openSUSE Security Advisory (SUSE-SU-2026:1107-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.01525EPSS
Exploits0References13
EUVD
EUVD
added 2026/03/16 6:32 p.m.3 views

EUVD-2026-12484

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS5.8AI score0.00419EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.8 views

Fedora 43 : python3.10 (2026-41f576f846)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-41f576f846 advisory. Update to 3.10.20 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

7.5CVSS5.9AI score0.01525EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2026/03/13 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2026-3ebfc12a16)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS7.2AI score0.0056EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.18 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1447)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1447 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

6CVSS7.1AI score0.0056EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2026/03/05 12:0 a.m.4 views

openSUSE Security Advisory (SUSE-SU-2026:0767-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS6AI score0.0055EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.6 views

SUSE SLED15: libpython3_13-1_0 / python313 / python313-base / python313-curses / etc (SUSE-SU-2026:0642-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0642-1 advisory. Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and...

6CVSS7.2AI score0.0056EPSS
Exploits0References16
OpenVAS
OpenVAS
added 2026/03/02 12:0 a.m.3 views

SUSE: Security Advisory (SUSE-SU-2026:0663-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS6.5AI score0.00463EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2026/02/26 12:0 a.m.6 views

SUSE: Security Advisory (SUSE-SU-2026:0612-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS5.4AI score0.0055EPSS
Exploits0References9
SUSE Linux
SUSE Linux
added 2026/02/25 4:29 p.m.5 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
SUSE Linux
SUSE Linux
added 2026/02/25 4:27 p.m.10 views

Security update for python313

This update for python313 fixes the following issues: Update to Python 3.13.12 CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. bsc1257031 CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References16
OpenVAS
OpenVAS
added 2026/02/20 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2026-9ad2d11c1f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6CVSS5.5AI score0.0056EPSS
Exploits0References7
Rows per page
Query Builder