8 matches found
Important: python3.12
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
Important: python3.14
Issue Overview: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 The fix for CVE-2026-0672, which rejected control characters...
CVE-2006-10002
CVE-2006-10002 affects the Perl XML::Parser module (XML::Parser/Expat). Connected documents confirm a heap corruption/crash vector caused by an overflow in a pre-allocated buffer during parsing, notably in parse_stream() and the UTF-8 handling path. The issue appears in XML::Parser versions up to...
macOS 14.x < 14.8.4 Multiple Vulnerabilities (126350)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.4. It is, therefore, affected by multiple vulnerabilities: - A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and...
Advisory ROSA-SA-2025-3050
Software: expat 2.2.5
OS: ROSA Virtualization 3.1
unaffected versions = expat-2.2.5-17.0.1.rv31
affected versions expat-2.2.5-17.0.1.rv31
CVE-ID: CVE-2019-15903
BDU-ID:
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to incorrect restriction of xml...
xmlrpc-c security and bug fix update
An update is available for xmlrpc-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its...
ROS-20220225-01
Expat parsing library vulnerability related to an integer overflow in copyString. Exploitation of the vulnerability could allow a remote attacker to pass specially crafted data to an application, cause an integer overflow, and cause a denial of service condition on the target system. data, trigg...
A vulnerability in the Expat parsing library allows an attacker to trigger a service failure or execute arbitrary code.
The vulnerability in the Expat parsing library arises from a buffer overflow. Exploiting this vulnerability allows a remote attacker to cause a service failure or execute arbitrary code crashloop using a specially crafted document...