8 matches found

Amazon
added 2026/04/30 12:0 a.m. | 14 views

Important: python3.12

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

9.1 CVSS | 4.7 AI score | 0.00621 EPSS
Exploits: 0
Amazon
added 2026/04/30 12:0 a.m. | 12 views

Important: python3.14

Issue Overview: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 The fix for CVE-2026-0672, which rejected control characters...

9.1 CVSS | 4.7 AI score | 0.00621 EPSS
Exploits: 0
CVE
added 2026/03/19 11:3 a.m. | 29 views

CVE-2006-10002

CVE-2006-10002 affects the Perl XML::Parser module (XML::Parser/Expat). Connected documents confirm a heap corruption/crash vector caused by an overflow in a pre-allocated buffer during parsing, notably in parse_stream() and the UTF-8 handling path. The issue appears in XML::Parser versions up to...

9.8 CVSS | 6 AI score | 0.00604 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2026/02/11 12:0 a.m. | 124 views

macOS 14.x < 14.8.4 Multiple Vulnerabilities (126350)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.4. It is, therefore, affected by multiple vulnerabilities: - A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and...

9 CVSS | 6.5 AI score | 0.01279 EPSS
Exploits: 2 | References: 45
Rosalinux
added 2025/11/09 1:37 p.m. | 6 views

Advisory ROSA-SA-2025-3050

Software: expat 2.2.5 OS: ROSA Virtualization 3.1 unaffected versions = expat-2.2.5-17.0.1.rv31 affected versions expat-2.2.5-17.0.1.rv31 CVE-ID: CVE-2019-15903 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to incorrect restriction of xml...

9.8 CVSS | 8.8 AI score | 0.34174 EPSS
Exploits: 5
Rockylinux
added 2025/05/07 7:11 p.m. | 5 views

xmlrpc-c security and bug fix update

An update is available for xmlrpc-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its...

7.5 CVSS | 7.7 AI score | 0.01815 EPSS
Exploits: 1
Redos
added 2022/02/25 12:0 a.m. | 86 views

ROS-20220225-01

Expat parsing library vulnerability, related to integer overflow in copyString. Exploitation vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause an integer overflow, and cause a denial of service condition on the target system. data, trigg...

9.8 CVSS | 9.3 AI score | 0.34174 EPSS
Exploits: 1
BDU FSTEC
added 2016/06/17 12:0 a.m. | 5 views

The vulnerability of the Expat parsing library allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Expat parsing library arises due to buffer overflow. Exploiting this vulnerability allows a remote attacker to cause a service failure or execute arbitrary code crashloop using a specially crafted document...

7.5 CVSS | 8.2 AI score | 0.13335 EPSS
Exploits: 3 | References: 7 | Affected Software: 2