Lucene search
+L

243 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.5 views

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2026:1206-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1206-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2026/03/27 11:34 a.m.4 views

Security update for python311

This update for python311 fixes the following issues: Update to python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

8.7CVSS7AI score0.01525EPSS
Exploits0References40
OSV
OSV
added 2026/03/27 9:4 a.m.6 views

SUSE-SU-2026:1107-1 Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

7.5CVSS7AI score0.01525EPSS
Exploits0References21
OSV
OSV
added 2026/03/18 8:54 a.m.10 views

BIT-PYTHON-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References7
OSV
OSV
added 2026/03/18 8:45 a.m.3 views

BIT-LIBPYTHON-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/16 5:37 p.m.91 views

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS0.00419EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/16 5:37 p.m.4 views

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS5.8AI score0.00419EPSS
Exploits0References8
CVE
CVE
added 2026/03/16 5:37 p.m.89 views

CVE-2026-3644

CVE-2026-3644 is confirmed: In CPython, incomplete control character validation in http.cookies/Morsel (and related paths in Morsel.update, |=, unpickling, and BaseCookie.js_output) allows bypassing input validation and can enable HTTP header injection when cookie values or parameters contain con...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

CPython 安全漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability, which stems from the incomplete repair of control characters in the http.cookies.Morsel module. This vulnerability may allow control characters to bypass input validation...

6CVSS5.8AI score0.00419EPSS
Exploits0References7
OSV
OSV
added 2026/03/07 4:6 p.m.6 views

CVE-2026-28678 dsa-hub-server: Clear-Text Storage of Sensitive Data

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens JWTs were stored in HTTP cookies without cryptographic protection...

8.1CVSS5.7AI score0.00165EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

SUSE SLES12 Security Update : python (SUSE-SU-2026:0802-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0802-1 advisory. - CVE-2024-7592: excess CPU resource consumption in http.cookies module bsc1229596 Tenable has extracted the preceding description block directly from...

7.5CVSS5.8AI score0.02303EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2026/03/04 12:34 p.m.6 views

Security update for python

This update for python fixes the following issues: CVE-2024-7592: excess CPU resource consumption in http.cookies module bsc1229596 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

2.6CVSS5.9AI score0.02303EPSS
Exploits1References4
OSV
OSV
added 2026/03/04 12:34 p.m.4 views

SUSE-SU-2026:0802-1 Security update for python

This update for python fixes the following issues: - CVE-2024-7592: excess CPU resource consumption in http.cookies module bsc1229596...

7.5CVSS5.9AI score0.02303EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.5 views

SUSE SLES15: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:0774-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0774-1 advisory. This update for python fixes the following issue: - CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies module...

7.5CVSS6.8AI score0.02303EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:0664-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0664-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing...

6CVSS7.2AI score0.0055EPSS
Exploits0References19
SUSE Linux
SUSE Linux
added 2026/03/03 1:18 p.m.5 views

Security update for python

This update for python fixes the following issue: CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies module bsc1229596. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

2.6CVSS5.9AI score0.02303EPSS
Exploits1References4
OSV
OSV
added 2026/03/03 1:18 p.m.2 views

SUSE-SU-2026:0774-1 Security update for python

This update for python fixes the following issue: - CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies module bsc1229596...

7.5CVSS5.9AI score0.02303EPSS
Exploits1References3
OSV
OSV
added 2026/02/19 10:32 a.m.2 views

SUSE-SU-2026:20581-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.12. Security issues fixed: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2025-15282: user-controlled data URLs parsed may...

6CVSS7.5AI score0.0056EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-0672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control character...

6CVSS7.3AI score0.00401EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/20 9:52 p.m.23 views

CVE-2026-0672 Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS0.00401EPSS
Exploits0References9
Rows per page
Query Builder