119 matches found
CVE-2026-0864
A flaw was found in the Python configparser module. When writing configuration files, an attacker who controls the input value can inject unexpected keys and values. This occurs if the input contains multi-line text with carriage return characters, leading to potential configuration manipulation...
DEBIAN-CVE-2026-0864
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-0864
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
EUVD-2026-38554
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
PSF-2026-29
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-0864
The CVE-2026-0864 entry concerns Python’s configparser.write() and how it handles multi-line text values containing carriage return characters. The vulnerability arises when attacker-controlled values are written, potentially allowing injection of unexpected keys and values into the resulting con...
PT-2026-51575
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description When using the configparser module to write configuration files containing multi-line text values with carriage return characters r, the resulting file could be injected with unexpected keys a...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur when facts used in the template do not include special template characters, especially if the user attempts to embed templates within multi-line YAML strings. This flaw allows...
CVE-2026-44345
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...
BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043)
The same Dockerfile template that mishandles envs.name pending GHSA-w2pm-x38x-jp44 also interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious bento.yaml with a multi-line docker.baseimage value smuggles arbitrary Dockerfile directives into the generated...
PT-2026-39663
Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.39 Description BentoML is a Python library used for building online serving systems optimized for AI applications and model inference. The issue occurs because the template src/bentoml/...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ansible (UTSA-2026-017461)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017461 advisory. A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is...
GHSA-C67R-GC9J-2QF7 Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header
Summary Bandit is vulnerable to CL.CL HTTP request smuggling: it silently accepts requests with two Content-Length headers whose values differ, takes the first value, and dispatches the body bytes as a second pipelined request on the same keep-alive connection. RFC 9110 §5.3 prohibits multiple...
JLSEC-2026-61
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
Zabbix 安全漏洞
Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities, which stem from improper regular expression validation in multi-line modes. This could...
EUVD-2003-0201
Malware in sbrugna...
EUVD-2011-1717
Malware in sbrugna...
EUVD-2019-0514
Malware in sbrugna...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xz (UTSA-2025-986157)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986157 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file nam...