CVE-2002-2325

The c-client library in Internet Message Access Protocol IMAP dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service client crash via a MIME-encoded email with Content-Type header containing an empty boundary field...

CVE-2025-4476

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...

CVE-2025-4476 Libsoup: null pointer dereference in libsoup may lead to denial of service

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...

CVE-2025-4476 Libsoup: null pointer dereference in libsoup may lead to denial of service

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...

OESA-2025-1508 postgresql-13 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

Alibaba Cloud Linux 3 : 0182: python-urllib3 (ALINUX3-SA-2024:0182)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0182 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-43804: urllib3 is a user-friendly...

php: Leak partial content of the heap through heap buffer over-read in mysqlnd

A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...

AZL-61739 CVE-2025-4207 affecting package postgresql for versions less than 14.18-1

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...

UBUNTU-CVE-2025-4207

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...

python3.11-PyMySQL security update

An update is available for python3.11-PyMySQL. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This package contains a pure-Python MySQL client library. The goal...

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

RHEL 8 : libsoup (RHSA-2025:4560)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4560 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Integer overflow in appendparamquoted...

Amazon tough 安全漏洞

Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from the client failing to detect a rollback of a delegated target during a target rollback, which could cause th...

Unexpected Status Code or Return Value

Overview Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in initConn, which causes out of order responses when CLIENT SETINFO times out while establishing a connection. Workaround This vulnerability can be avoided by setting DisableIndentity to true when...

libpq security update

An update is available for libpq. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libpq package provides the PostgreSQL client library, which allows client...

RLSA-2024:9193 Moderate: python3.12-PyMySQL security update

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 For more details about the...

Important: postgresql15

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

MAL-2025-1809 Malicious code in explat-client-react-helpers (npm)

--- -= Per source details. Do not edit below this line.=-...

OESA-2025-1227 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

RLSA-2025:1737 Important: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security...