Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.13 views

RockyLinux 9 : python3.12 (RLSA-2026:19177)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19177 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

9.1CVSS7.2AI score0.01279EPSS
Exploits1References25
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.15 views

RHEL 10 : python3.12 (RHSA-2026:19064)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19064 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1CVSS7.2AI score0.01279EPSS
Exploits1References26
Debian
Debian
added 2026/05/15 6:12 a.m.18 views

[SECURITY] [DLA 4583-1] python3.9 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout May 15, 2026 https://wiki.debian.org/LTS -...

7.5CVSS6.8AI score0.00621EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.6 views

ROS-20260505-73-0054

A vulnerability in the http.cookies.Morsel component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...

6CVSS7.3AI score0.00401EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.7 views

ROS-20260505-73-0051

A vulnerability in the http.cookies.Morsel component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the availability of protected information...

6CVSS7.3AI score0.00401EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.15 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1617)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1617 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, a...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References12
OSV
OSV
added 2026/04/27 12:0 a.m.13 views

ALSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS6AI score0.01279EPSS
Exploits1References24
UbuntuCve
UbuntuCve
added 2026/04/22 8:16 p.m.4 views

CVE-2026-6019

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2026/03/27 11:34 a.m.4 views

Security update for python311

This update for python311 fixes the following issues: Update to python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

8.7CVSS7AI score0.01525EPSS
Exploits0References40
OSV
OSV
added 2026/03/26 10:36 a.m.5 views

SUSE-SU-2026:1062-1 Security update for python310

This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

7.5CVSS7AI score0.01525EPSS
Exploits0References19
OSV
OSV
added 2026/03/18 8:55 a.m.5 views

BIT-PYTHON-MIN-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References7
OSV
OSV
added 2026/03/16 6:16 p.m.5 views

CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS5.9AI score
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/16 5:37 p.m.3 views

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS5.8AI score0.00419EPSS
Exploits0References8
OSV
OSV
added 2026/03/16 5:37 p.m.9 views

PSF-2026-11

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

CPython 安全漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability, which stems from the incomplete repair of control characters in the http.cookies.Morsel module. This vulnerability may allow control characters to bypass input validation...

6CVSS5.8AI score0.00419EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-0672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control character...

6CVSS7.3AI score0.00401EPSS
Exploits0References3
OSV
OSV
added 2026/01/26 2:50 p.m.5 views

BIT-PYTHON-MIN-2026-0672 Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.9AI score0.00401EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/01/22 12:25 a.m.5 views

SUSE CVE-2026-0672

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

7.5CVSS5.4AI score0.00401EPSS
Exploits0References28
OSV
OSV
added 2026/01/20 10:15 p.m.1 views

DEBIAN-CVE-2026-0672

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.2AI score0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 9:52 p.m.18 views

CVE-2026-0672 Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS0.00401EPSS
Exploits0References9
Rows per page
Query Builder