Lucene search
+L

65 matches found

nessus
nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2466)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Python 3.11

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs...

7.5CVSS6.6AI score0.00621EPSS
Exploits0References3
osv
osv
added 2026/06/05 10:55 a.m.9 views

BIT-PYTHON-MIN-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References10
osv
osv
added 2026/05/20 12:4 p.m.6 views

BIT-PYTHON-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References10
osv
osv
added 2026/05/20 12:4 p.m.1 views

BIT-PYTHON-MIN-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References10
debian
debian
added 2026/05/15 6:12 a.m.19 views

[SECURITY] [DLA 4583-1] python3.9 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout May 15, 2026 https://wiki.debian.org/LTS -...

7.5CVSS6.8AI score0.00621EPSS
Exploits0
cvelist
cvelist
added 2026/05/11 5:19 p.m.125 views

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

6.3CVSS0.0079EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/05/11 5:19 p.m.9 views

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

6.3CVSS5.2AI score0.0079EPSS
Exploits0References7
nessus
nessus
added 2026/04/30 12:0 a.m.8 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1600)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1600 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.aud...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References8
nessus
nessus
added 2026/04/30 12:0 a.m.17 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1620)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1620 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References10
nessus
nessus
added 2026/04/30 12:0 a.m.16 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1617)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1617 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, a...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References12
redhat
redhat
added 2026/04/17 7:24 p.m.2 views

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References10
osv
osv
added 2026/04/11 2:5 p.m.10 views

OESA-2026-1900 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

7.5CVSS5.7AI score0.00621EPSS
Exploits0References5
redhat
redhat
added 2026/04/10 7:25 p.m.3 views

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References10
nessus
nessus
added 2026/04/01 12:0 a.m.10 views

Amazon Linux 2 : python, --advisory ALAS2-2026-3218 (ALAS-2026-3218)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3218 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |=...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References6
euvd
euvd
added 2026/03/19 12:30 p.m.7 views

EUVD-2006-7232

XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters while SvPV gives...

9.8CVSS6AI score0.00604EPSS
Exploits0References4
susecve
susecve
added 2026/03/17 12:26 a.m.4 views

SUSE CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References22
euvd
euvd
added 2026/03/16 6:32 p.m.5 views

EUVD-2026-12486

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

6CVSS5.8AI score0.00621EPSS
Exploits0References7
nvd
nvd
added 2026/03/16 6:16 p.m.4 views

CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

7.5CVSS0.00621EPSS
Exploits0References9
osv
osv
added 2026/03/16 6:16 p.m.6 views

ALPINE-CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

7.5CVSS5.4AI score0.00621EPSS
Exploits0References1
Rows per page
Query Builder