python3 (SUSE:Linux Enterprise Server 15 SP6-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 15 SP6-LTSS package python3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2026-1299: The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email…
CVE-2026-0672: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects…
CVE-2025-15282: User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
CVE-2025-15367: The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands…
CVE-2025-15366: The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects…
CVE-2026-0865: User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2025-11468: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This…