Lucene search
K

6 matches found

OSV
OSV
added 2025/05/22 2:49 p.m.4 views

USN-7280-2 python vulnerability

USN-7280-1 fixed a vulnerability in Python. This update provides the corresponding updates for some additional Python packages in Ubuntu releases. Original advisory details: It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker cou...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References2
Amazon
Amazon
added 2025/03/25 12:0 a.m.3 views

Medium: python

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

7.5CVSS7.2AI score0.02303EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2025/02/13 10:11 a.m.1 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.3CVSS7.3AI score0.01499EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/02/10 1:55 p.m.2 views

Security update for python310

This update for python310 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

6.3CVSS7.5AI score0.01499EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/02/01 3:47 a.m.5 views

SUSE CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

4CVSS7AI score0.01499EPSS
Exploits0References30
OSV
OSV
added 2025/01/31 6:15 p.m.2 views

UBUNTU-CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References9
Rows per page
Query Builder