Lucene search
K

8 matches found

RedHat Linux
RedHat Linux
added 2026/03/12 1:40 p.m.8 views

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.7AI score0.00463EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

SUSE SLES15 Security Update : python311 (SUSE-SU-2026:0693-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0693-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters...

6.3CVSS7.2AI score0.0055EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.6 views

SUSE SLED15: libpython3_13-1_0 / python313 / python313-base / python313-curses / etc (SUSE-SU-2026:0642-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0642-1 advisory. Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and...

6CVSS7.2AI score0.0056EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.7 views

SUSE SLES15 / openSUSE 15 Security Update : python39 (SUSE-SU-2026:0643-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0643-1 advisory. - CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively...

6CVSS7.2AI score0.0055EPSS
Exploits0References19
Amazon
Amazon
added 2026/02/18 12:0 a.m.7 views

Medium: python3.13

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.6AI score0.0056EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/21 8:48 p.m.2 views

CVE-2026-0865

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

5.9CVSS6.9AI score0.00463EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.7 views

Astra Linux – Vulnerability in Python 3.11

There is a medium-severity vulnerability affecting CPython. The email module does not properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized...

5.5CVSS6.8AI score0.00737EPSS
Exploits0References3
OSV
OSV
added 2021/08/19 2:53 p.m.5 views

USN-5047-1 firefox vulnerability

It was discovered that Firefox could be made to incorrectly accept newlines in HTTP/3 response headers. If a user were tricked into opening a specially crafted website, an attacker could exploit this to conduct header splitting attacks...

8.1CVSS7.2AI score0.00885EPSS
Exploits0References2
Rows per page
Query Builder