Lucene search
K

10 matches found

OSV
OSV
added 2025/09/29 12:7 p.m.6 views

USN-7015-7 python2.7 regression

USN-7015-4 fixed vulnerabilities in Python. It was discovered that the fix for CVE-2023-27043 for python2.7 was incorrectly applied on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the...

5.3CVSS5.9AI score0.02527EPSS
Exploits1References3
OSV
OSV
added 2025/08/11 1:52 p.m.7 views

BIT-LIBPYTHON-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS7.2AI score0.02303EPSS
Exploits1References13
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.12 views

Astra Linux – Vulnerability in Python 3.11

There is a low-severity vulnerability affecting CPython, specifically the ‘http.cookies’ standard library module. When parsing cookies where quotes were represented by backslashes in the cookie value, the parser uses an algorithm with quadratic complexity, resulting in excessive CPU resources bei...

7.5CVSS6.7AI score0.02303EPSS
Exploits1References3
OSV
OSV
added 2024/10/01 7:4 a.m.5 views

USN-7015-3 python2.7, python3.5 vulnerability

USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for python3.5 in Ubuntu 16.04 LTS. Original advisory details: It was discovered th...

5.3CVSS6.8AI score0.02527EPSS
Exploits1References2
Mageia
Mageia
added 2024/09/27 1:30 a.m.53 views

Updated python3 packages fix security vulnerabilities

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

8.7CVSS7.1AI score0.02527EPSS
Exploits4References8
OSV
OSV
added 2024/09/19 5:36 p.m.4 views

USN-7015-2 python2.7, python3.5 vulnerabilities

USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS. Original advisory details: It was discovered tha...

7.5CVSS6.8AI score0.02303EPSS
Exploits3References3
OSV
OSV
added 2024/09/16 12:15 p.m.3 views

USN-7015-1 python3.10, python3.12, python3.8 vulnerabilities

It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. CVE-2023-27043 It was discovered that Python allowed excessive backtracking while parsing...

8.7CVSS6.8AI score0.02527EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2023/05/16 9:2 a.m.5 views

curl: Incorrect handling of control code characters in cookies

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

3.7CVSS6.8AI score0.01839EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/01/05 12:0 a.m.51 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-1005)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the...

9.8CVSS7AI score0.04325EPSS
Exploits2References5
Exploit DB
Exploit DB
added 2012/01/31 12:0 a.m.242 views

Apache - httpOnly Cookie Disclosure

// Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i content var content =...

7.4AI score
Exploits0
Rows per page
Query Builder