Lucene search
K

8 matches found

Debian
Debian
added 2026/05/15 6:12 a.m.18 views

[SECURITY] [DLA 4583-1] python3.9 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout May 15, 2026 https://wiki.debian.org/LTS -...

7.5CVSS6.8AI score0.00621EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.15 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1617)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1617 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, a...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References12
OSV
OSV
added 2026/04/27 12:0 a.m.13 views

ALSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS6AI score0.01279EPSS
Exploits1References24
SUSE Linux
SUSE Linux
added 2026/03/27 11:34 a.m.4 views

Security update for python311

This update for python311 fixes the following issues: Update to python 3.11.15: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

8.7CVSS7AI score0.01525EPSS
Exploits0References40
Vulnrichment
Vulnrichment
added 2026/03/16 5:37 p.m.3 views

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS5.8AI score0.00419EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

CPython 安全漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability, which stems from the incomplete repair of control characters in the http.cookies.Morsel module. This vulnerability may allow control characters to bypass input validation...

6CVSS5.8AI score0.00419EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-0672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control character...

6CVSS7.3AI score0.00401EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/20 9:52 p.m.17 views

CVE-2026-0672 Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS0.00401EPSS
Exploits0References9
Rows per page
Query Builder