Lucene search
+L

57 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Python 3.11, Python 3.7

The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. The new behavior will reject incorrectly folde...

6CVSS6.9AI score0.0056EPSS
Exploits0References2
redhat
redhat
added 2026/04/17 7:24 p.m.3 views

cpython: Missing character filtering in Python

Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not...

5.7CVSS6.9AI score0.0055EPSS
Exploits0References7
redhat
redhat
added 2026/04/17 6:54 p.m.2 views

cpython: Missing character filtering in Python

Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not...

5.7CVSS6.9AI score0.0055EPSS
Exploits0References7
osv
osv
added 2026/04/16 9:10 a.m.20 views

CLSA-2026-1776330599 python3.9: Fix of 11 CVEs

CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.opencode - CVE-2026-3479: reject invalid...

7.5CVSS6.4AI score0.00621EPSS
Exploits0References1
redhat
redhat
added 2026/04/11 7:41 p.m.3 views

cpython: Missing character filtering in Python

Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not...

5.7CVSS6.9AI score0.0055EPSS
Exploits0References7
redhat
redhat
added 2026/04/10 7:25 p.m.2 views

cpython: Missing character filtering in Python

Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not...

5.7CVSS6.9AI score0.0055EPSS
Exploits0References7
redhat
redhat
added 2026/04/10 7:25 p.m.1 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS6.9AI score0.0056EPSS
Exploits0References9
redhat
redhat
added 2026/04/02 12:7 p.m.7 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS6.8AI score0.0056EPSS
Exploits0References9
osv
osv
added 2026/03/23 10:17 a.m.7 views

CLSA-2026-1774261018 python3.9: Fix of 3 CVEs

CVE-2026-0865: Prevent HTTP header injection: validate and reject user- controlled header names and values containing newlines. - CVE-2025-15367: Reject control characters in POP3 commands - CVE-2026-1299: Reject incorrectly folded LiteralHeader values and quote newlines during BytesGenerator...

6CVSS7.1AI score0.0056EPSS
Exploits0References1
redhat
redhat
added 2026/03/23 2:53 a.m.9 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS6.7AI score0.0056EPSS
Exploits0References9
nessus
nessus
added 2026/03/05 12:0 a.m.6 views

SUSE SLES15 Security Update : python311 (SUSE-SU-2026:0693-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0693-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters...

6.3CVSS7.2AI score0.0055EPSS
Exploits1References22
nessus
nessus
added 2026/03/04 12:0 a.m.6 views

SUSE SLED15: libpython3_13-1_0 / python313 / python313-base / python313-curses / etc (SUSE-SU-2026:0642-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0642-1 advisory. Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and...

6CVSS7.2AI score0.0056EPSS
Exploits0References16
osv
osv
added 2026/02/28 12:45 p.m.6 views

OESA-2026-1458 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

6CVSS5.9AI score0.0055EPSS
Exploits0References3
suse
suse
added 2026/02/24 3:14 p.m.4 views

Security update for python310

This update for python310 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
amazon
amazon
added 2026/02/18 12:0 a.m.7 views

Medium: python3.13

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.6AI score0.0056EPSS
Exploits0
osv
osv
added 2026/02/03 8:53 a.m.8 views

BIT-PYTHON-MIN-2026-1299 email BytesGenerator header injection due to unquoted newlines

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

6CVSS5.4AI score0.00782EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.10 views

PT-2026-6338

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

6CVSS8.3AI score0.00782EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.4 views

PT-2026-6342

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

6CVSS8.3AI score0.00782EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.3 views

PT-2026-6343

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

6CVSS8.3AI score0.00782EPSS
Exploits0References11
osv
osv
added 2026/01/26 2:49 p.m.4 views

BIT-PYTHON-MIN-2025-11468 Folding email comments of unfoldable characters doesn't preserve parenthesis

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

5.7CVSS5.9AI score0.0055EPSS
Exploits0References10
Rows per page
Query Builder