Total
103 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16056 | 7 Canonical, Debian, Fedoraproject and 4 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | |||||
CVE-2019-12387 | 4 Canonical, Fedoraproject, Oracle and 1 more | 5 Ubuntu Linux, Fedora, Solaris and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. | |||||
CVE-2018-20781 | 3 Canonical, Gnome, Oracle | 3 Ubuntu Linux, Gnome Keyring, Zfs Storage Appliance Kit | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. |