341 matches found
CVE-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
PSF-2023-2 Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
Python Input Validation Error Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. An input validation error vulnerability exists in Python versions prior to 2.7.18, and versions 3.x through 3.11,...
PT-2023-4573
Name of the Vulnerable Software and Affected Versions: Python versions 0 through 2.7.18; Python versions 3.x through 3.11.3. Description: The email module of Python incorrectly parses e-mail addresses that contain a special character, allowing attackers to bypass protection mechanisms. This can be...
CVE-2023-27043
CVE-2023-27043: The Python email module (email/_parseaddr.py) misparses e-mail addresses with a special character, causing the addr-spec to be taken from the wrong RFC2822 header field. This can allow bypassing domain-based signup protections (e.g., restricting to @company.example.com). The Astr...
MediaTek Chip Security Vulnerability
MediaTek chips are a variety of chips from MediaTek, a company owned by MediaTek of China. A security vulnerability exists in the MtkEmail module of the MediaTek chips, which results in privilege escalation due to fragment injection. This could result in a local privilege escalation without...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.3)
The version of AOS installed on the remote host is prior to 5.15.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.3 advisory. - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in...
Python < 2.7.17, 3.x < 3.5.8, 3.6.x < 3.6.10, 3.7.x < 3.7.5 Improper Input Validation Vulnerability (bpo-34155) - Linux
The email module in Python is vulnerable due to improper input validation. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Python < 2.7.17, 3.x < 3.5.8, 3.6.x < 3.6.10, 3.7.x < 3.7.5 Improper Input Validation Vulnerability (bpo-34155) - Windows
The email module in Python is vulnerable due to improper input validation. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Multiple vulnerabilities in Cybozu Garoon
Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782: Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753; CyVDB-2029: Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754; CyVDB-2071: Viewing restrictions...
phplist cross-site scripting vulnerability (CNVD-2021-48521)
PhpList is a suite of open source newsletter and email marketing software from PhpList UK. A cross-site scripting vulnerability exists in the Import Email module in phplist 3.5.4, which can be exploited by an authenticated attacker to execute arbitrary Web script or HTML via a crafted payload...
phplist Cross-Site Scripting Vulnerability
PhpList is a suite of open source newsletter and email marketing software from PhpList UK. A cross-site scripting vulnerability exists in the Import Email module in phplist 3.5.4, which can be exploited by an authenticated attacker to execute arbitrary Web script or HTML via a crafted payload...
PhpList Cross-Site Scripting Vulnerability
phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Add List" field under the "Import Email" module...
SUSE SLES11 Security Update : python (SUSE-SU-2021:14198-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14198-1 advisory. - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses...
SUSE-SU-2021:14198-1 Security update for python
This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955)...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2020-0059)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricke...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2020-0094)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by multiple vulnerabilities: - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricke...
MGASA-2020-0400 Updated webmin package fixes security vulnerabilities
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed (CVE-2020-8820). An...
CVE-2020-12670
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...