11 matches found

OSV
added 3 days ago, 3 views

RHSA-2026:32992 Red Hat Security Advisory: python3.12-urllib3 security update

Bulletin has no description...

CVSS 7.5, AI score 5.7, EPSS 0.0068
Exploits 0, References 15

OSV
added 2026/03/10 6:54 p.m., 4 views

SUSE-SU-2026:20665-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-11468: preserving parens when folding comments in email headers. bsc1257029 - CVE-2026-0672: rejects control characters in http cookies. bsc1257031 - CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which coul...

CVSS 6.3, AI score 5.8, EPSS 0.0055
Exploits 1, References 15

RedHat Linux
added 2026/02/16 9:33 p.m., 9 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

CVSS 8.9, AI score 5.8, EPSS 0.02667
Exploits 0, References 6

OSV
added 2026/01/26 12:00 a.m., 5 views

ALSA-2026:1239 Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: urllib3: urllib3: Unbounded decompression chain leads to resource...

CVSS 8.9, AI score 7.5, EPSS 0.02667
Exploits 0, References 8

OSV
added 2026/01/23 12:24 p.m., 10 views

OESA-2026-1235 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious...

CVSS 8.9, AI score 5.5, EPSS 0.00622
Exploits 0, References 2

OSV
added 2024/08/01 3:47 p.m., 3 views

CLSA-2024-1722527236 Fix CVE(s): CVE-2021-3733

SECURITY UPDATE: Regular Expression Denial of Service - debian/patches/CVE-2021-3733.patch: Fix ReDoS vulnerability in AbstractBasicAuthHandler class of Lib/urllib2.py - CVE-2021-3733...

CVSS 6.5, AI score 6.8, EPSS 0.04675
Exploits 1, References 1

SUSE CVE
added 2023/02/15 3:48 a.m., 3 views

SUSE CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sen...

CVSS 4, AI score 9.3, EPSS 0.04675
Exploits 1, References 43

Tenable Nessus
added 2019/07/15 12:00 a.m., 31 views

Debian DLA-1852-1 : python3.4 security update

The urllib library in Python ships support for a second, not well known URL scheme for accessing local files 'localfile://'. This scheme can be used to circumvent protections that try to block local file access and only block the well-known 'file://' schema. This update addresses the vulnerabilit...

CVSS 9.1, AI score 6.7, EPSS 0.11844
Exploits 1, References 4

Check Point Advisories
added 2019/03/19 12:00 a.m., 3 views

Python Project urllib CRLF Injection (CVE-2019-9740)

A CRLF injection vulnerability exists in Python Project urllib library. Successful exploitation could allow attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...

CVSS 4.3, AI score 2.9, EPSS 0.05328
Exploits 1

OSV
added 2014/12/12 11:59 a.m., 2 views

UBUNTU-CVE-2014-9365

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

CVSS 5.8, AI score 6.8, EPSS 0.03269
Exploits 1, References 3

CentOS
added 2011/05/05 9:37 p.m., 85 views

python, tkinter security update

CentOS Errata and Security Advisory CESA-2011:0491. Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...

CVSS 6.4, AI score 6.9, EPSS 0.27924
Exploits 3, References 7