Django 4.x < 4.2.22, 5.0.x < 5.1.10, 5.2.x < 5.2.2 Log Injection Vulnerability - Windows
Django is prone to a log injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if...
Django 4.x < 4.2.22, 5.0.x < 5.1.10, 5.2.x < 5.2.2 Log Injection Vulnerability - Linux
Django is prone to a log injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if...
SUSE: Security Advisory (SUSE-SU-2024:1943-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the tarfile extraction process when using the filter parameter set to "data" or "tar". An attacker can modify file metadata, such as timestamps or permissions, of files located outside the intended extraction...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via TarFile.extractall and TarFile.extract functions in the tarfile module when using the filter parameter set to data or tar. An attacker can gain unauthorised access to files outside the intended extraction directo...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the tarfile module's extraction process when using the extractall or extract functions with the filter parameter set to "data" or "tar". An attacker can cause files or symlinks to be created outside the intended...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the tarfile extraction process when using the filter parameter set to "data" or "tar". An attacker can write files outside the intended extraction directory by convincing a privileged user or process to extract a...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS. bsc1243273 Update to 3.11.12: gh-105704: When using urllib.parse.urlsplit and urllib.parse.urlparse host parsing would not reject domain names containin...
SUSE-SU-2025:20374-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS. bsc1243273 Update to 3.11.12: - gh-105704: When using urllib.parse.urlsplit and urllib.parse.urlparse host parsing would not reject domain names...
GHSA-J972-J939-P2V3 quic-go Has Panic in Path Probe Loss Recovery Handling
Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses thereby triggering the newly adde...
quic-go Has Panic in Path Probe Loss Recovery Handling
Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses thereby triggering the newly adde...
SUSE CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
git: The sideband payload is passed unfiltered to the terminal in git
A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...
Improper Link Resolution Before File Access ('Link Following')
Overview org.webjars.npm:tar-fs provides filesystem bindings for tar-stream. Affected versions of this package are vulnerable to Improper Link Resolution Before File Access ('Link Following') through the exports.extract function. An attacker can manipulate the path of extracted files to write outside t...
DEBIAN-CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
UBUNTU-CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785
CVE-2025-29785 affects quic-go. The vulnerability stems from the loss recovery logic for path probe packets added in v0.50.0, which can trigger a nil-pointer dereference when a malicious QUIC client sends specific crafted ACKs after starting from multiple remote addresses and allowing path probe ...