Lucene search

182 matches found

AstraLinux
added 2026/06/24 3:11 p.m. | 7 views

Astra Linux – Vulnerability in Python 3.11

The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. With this new behavior, headers that are...

CVSS 6 | AI score 7 | EPSS 0.0056
Exploits 0 | References 3
Github Security Blog
added 2026/06/15 5:36 p.m. | 56 views

Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

Summary: Nodemailer constructs List-* headers from the caller-provided list message option using internally prepared header values. The list.*.comment field is inserted into those prepared values without removing CR (\r) or LF (\n) characters. Because prepared headers bypass the normal header-value...

AI score 6.1
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/05/19 5:57 p.m. | 13 views

CLSA-2026-1779213441 python3.11: Fix of 11 CVEs

CVE-2026-4224: avoid unbound C recursion in convcontentmodel in pyexpat - CVE-2026-3644: reject control characters in http.cookies.Morsel.update - CVE-2026-0672: reject control characters in http.cookies.Morsel - CVE-2025-8291: check consistency of zip64 end of central directory record -...

CVSS 7.5 | AI score 6.8 | EPSS 0.00744
Exploits 0 | References 1
OSV
added 2026/04/16 9:10 a.m. | 14 views

CLSA-2026-1776330599 python3.9: Fix of 11 CVEs

CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.opencode - CVE-2026-3479: reject invalid...

CVSS 7.5 | AI score 6.4 | EPSS 0.00621
Exploits 0 | References 1
ATTACKERKB
added 2026/04/02 5:10 p.m. | 4 views

CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

CVSS 4.8 | AI score 5.7 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1
RedHat Linux
added 2026/04/02 12:7 p.m. | 7 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.8 | EPSS 0.0056
Exploits 0 | References 9
OSV
added 2026/03/28 12:18 a.m. | 6 views

OSV-2026-481 Security exception in org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=496552925 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII...

AI score 5.8
Exploits 0 | References 1
OSV
added 2026/03/26 10:36 a.m. | 5 views

SUSE-SU-2026:1062-1 Security update for python310

This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

CVSS 7.5 | AI score 7 | EPSS 0.01525
Exploits 0 | References 19
RedHat Linux
added 2026/03/23 4:6 p.m. | 5 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.0056
Exploits 0 | References 9
OSV
added 2026/03/23 10:17 a.m. | 5 views

CLSA-2026-1774261018 python3.9: Fix of 3 CVEs

CVE-2026-0865: Prevent HTTP header injection: validate and reject user-controlled header names and values containing newlines. - CVE-2025-15367: Reject control characters in POP3 commands - CVE-2026-1299: Reject incorrectly folded LiteralHeader values and quote newlines during BytesGenerator...

CVSS 6 | AI score 7.1 | EPSS 0.0056
Exploits 0 | References 1
RedHat Linux
added 2026/03/23 2:53 a.m. | 9 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.0056
Exploits 0 | References 9
RedHat Linux
added 2026/03/23 2:19 a.m. | 5 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.0056
Exploits 0 | References 9
RedHat Linux
added 2026/03/23 1:32 a.m. | 7 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.0056
Exploits 0 | References 9
Positive Technologies
added 2026/03/23 12:0 a.m. | 3 views

PT-2026-27227

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation. Attackers can bypass shell-wrapper analysis by injecting $ followed by newline and inside...

CVSS 5.8 | AI score 6.1
Exploits 0 | References 5
OSV
added 2026/03/13 8:55 p.m. | 9 views

GHSA-F8R2-VG7X-GH8M OpenClaw: Exec approval allowlist patterns overmatched on POSIX paths

Summary matchesExecAllowlistPattern normalized patterns and targets with lowercasing and compiled glob matching too broadly on POSIX. In addition, the ? wildcard could match /, which allowed matches to cross path segments. Impact These matching rules could overmatch allowlist entries and permit...

CVSS 6.9 | AI score 5.5
Exploits 0 | References 3
RedHat Linux
added 2026/03/10 10:38 p.m. | 4 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 7.3 | EPSS 0.0056
Exploits 0 | References 9
Tenable Nessus
added 2026/03/05 12:0 a.m. | 6 views

SUSE SLES15 Security Update : python311 (SUSE-SU-2026:0693-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0693-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters...

CVSS 6.3 | AI score 7.2 | EPSS 0.0055
Exploits 1 | References 22
Tenable Nessus
added 2026/03/04 12:0 a.m. | 6 views

SUSE SLED15: libpython3_13-1_0 / python313 / python313-base / python313-curses / etc (SUSE-SU-2026:0642-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0642-1 advisory. Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and...

CVSS 6 | AI score 7.2 | EPSS 0.0056
Exploits 0 | References 16
OSV
added 2026/02/28 12:45 p.m. | 8 views

OESA-2026-1461 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 6.3 | AI score 5.9 | EPSS 0.0056
Exploits 1 | References 8
OSV
added 2026/02/28 12:45 p.m. | 6 views

OESA-2026-1458 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 6 | AI score 5.9 | EPSS 0.0055
Exploits 0 | References 3