341 matches found

RedHat Linux
added 2024/09/03 5:57 p.m. | 0 views

cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email,...

CVSS 5.5 | AI score 7.1 | EPSS 0.00737
Exploits: 0 | References: 7

RedHat Linux
added 2024/09/03 2:28 a.m. | 1 view

cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email,...

CVSS 5.5 | AI score 7.1 | EPSS 0.00737
Exploits: 0 | References: 7

RedHat Linux
added 2024/09/03 2:28 a.m. | 29 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 5.5 | AI score 6.8 | EPSS 0.00737
Exploits: 0 | References: 2

OSV
added 2024/09/03 12:0 a.m. | 17 views

ALSA-2024:6163 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 5.5 | AI score 7.4 | EPSS 0.00737
Exploits: 0 | References: 4

AlmaLinux
added 2024/09/03 12:0 a.m. | 19 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 5.5 | AI score 7.5 | EPSS 0.00737
Exploits: 0 | References: 4

AlmaLinux
added 2024/09/03 12:0 a.m. | 23 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 5.5 | AI score 7.5 | EPSS 0.00737
Exploits: 0 | References: 4

Tenable Nessus
added 2024/09/03 12:0 a.m. | 22 views

AlmaLinux 9 : python3.12 (ALSA-2024:6146)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:6146 advisory. cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection CVE-2024-6923 Tenable has extracted the preceding...

CVSS 5.5 | AI score 7 | EPSS 0.00737
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/03 12:0 a.m. | 31 views

RHEL 9 : python3.12 (RHSA-2024:6146)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6146 advisory. Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It...

CVSS 5.5 | AI score 7.2 | EPSS 0.00737
Exploits: 0 | References: 5

Tenable Nessus
added 2024/09/03 12:0 a.m. | 11 views

RHEL 9 : python3.11 (RHSA-2024:6179)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6179 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 5.5 | AI score 7 | EPSS 0.00737
Exploits: 0 | References: 5

Tenable Nessus
added 2024/08/29 12:0 a.m. | 30 views

AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2024:5962)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5962 advisory. python: incorrect IPv4 and IPv6 private ranges CVE-2024-4032 pypa/setuptools: Remote code execution via download functions in the packageindex module in...

CVSS 8.8 | AI score 7.4 | EPSS 0.01939
Exploits: 0 | References: 5

RedHat Linux
added 2024/08/28 7:0 p.m. | 1 view

cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email,...

CVSS 5.5 | AI score 7.1 | EPSS 0.00737
Exploits: 0 | References: 7

OSV
added 2024/08/28 12:0 a.m. | 32 views

ALSA-2024:5962 Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8.8 | AI score 7.5 | EPSS 0.01939
Exploits: 0 | References: 10

OSV
added 2024/08/19 9:33 a.m. | 29 views

BIT-PYTHON-2024-6923 Email header injection due to unquoted newlines

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...

CVSS 5.5 | AI score 7.2 | EPSS 0.00737
Exploits: 0 | References: 16

OSV
added 2024/08/12 1:38 p.m. | 2 views

CVE-2024-7503

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'wooslgconfirmemailuser' function. This makes it possible for unauthenticated attackers to l...

CVSS 9.8 | AI score 5.8 | EPSS 0.0061
Exploits: 0 | References: 2

NVD
added 2024/08/12 1:38 p.m. | 9 views

CVE-2024-7503

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'wooslgconfirmemailuser' function. This makes it possible for unauthenticated attackers to l...

CVSS 9.8 | EPSS 0.0061
Exploits: 0 | References: 2

CVE
added 2024/08/10 2:1 a.m. | 52 views

CVE-2024-7503

CVE-2024-7503 refers to an authentication bypass in the WooCommerce - Social Login plugin for WordPress (affected versions up to and including 2.7.5). The root cause is a loose comparison of the activation code in the woo_slg_confirm_email_user function, enabling unauthenticated attackers (with ac...

CVSS 9.8 | AI score 9.7 | EPSS 0.0061
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/08/10 2:1 a.m. | 12 views

CVE-2024-7503 WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'wooslgconfirmemailuser' function. This makes it possible for unauthenticated attackers to l...

CVSS 9.8 | AI score 7.3 | EPSS 0.0061
Exploits: 0 | References: 2

Positive Technologies
added 2024/08/10 12:0 a.m. | 4 views

PT-2024-38393 · WordPress · Woocommerce - Social Login

Name of the Vulnerable Software and Affected Versions: WooCommerce - Social Login plugin for WordPress versions up to 2.7.5 Description: The issue is due to the use of loose comparison of the activation code in the woo slg confirm email user function. This makes it possible for unauthenticated...

CVSS 9.8 | AI score 7.2 | EPSS 0.0061
Exploits: 0 | References: 10

RedhatCVE
added 2024/08/06 1:21 p.m. | 14 views

CVE-2024-6923

A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email,...

CVSS 6.8 | AI score 5.4 | EPSS 0.00737
Exploits: 0 | References: 6

OpenVAS
added 2024/08/02 12:0 a.m. | 82 views

Python Email Header Injection Vulnerability (Aug 2024) - Linux

Python is prone to an email header injection vulnerability in the email module. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.5 | AI score 7.2 | EPSS 0.00737
Exploits: 0 | References: 9