Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

Server-side Request Forgery (SSRF)

Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl process. An attacker can gain unauthorized access to internal resources by supplying ...

CLSA-2026-1778768341 python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

Unity Linux 20.1060e / 20.1070e Security Update: c-ares (UTSA-2026-017414)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017414 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames...

Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq94-r468-qwgj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allo...

GHSA-W7RC-VVGX-PJ45 Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq94-r468-qwgj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allo...

CVE-2026-43582

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

CVE-2026-43582 OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

CVE-2026-43582

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

CVE-2026-43582 OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

CVE-2026-43582

OpenClaw prior to version 2026.4.10 is affected by a server-side request forgery in the browser navigation policy that lets an attacker bypass hostname validation via DNS rebinding. This enables exploitation where inconsistent hostname resolution between validation and actual network requests can...

CVE-2026-6860

CVE-2026-6860 describes a TLS SNI handling weakness where a TCP client can present an SNI that matches a server wildcard certificate (e.g., *.example.com) and be accepted by the server, allowing any XYZ.example.com under the wildcard to be used. The CVSS 4.0 vector yields a NETWORK, LOW complexit...

RHCOS 4 : OpenShift Container Platform 4.6.1 (RHSA-2020:4297)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4297 advisory. - jenkins-jira-plugin: plugin information disclosure CVE-2019-16541 - jenkins-2-plugins/mailer: Missing hostname validation in Maile...

PT-2026-38237

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A server-side request forgery issue exists in the browser navigation policy. This allows attackers to bypass hostname validation using DNS rebinding attacks, which involve exploiting inconsisten...

Improper Validation of Certificate with Host Mismatch

Overview org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to improper validation of t...

openssh security update

8.7p1-49.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-49 - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in...

Apache Thrift 安全漏洞

Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability, which was caused by improper validation of certificate-hostname mismatches...

CLSA-2026-1777541147 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...