SUSE-SU-2025:21193-1 Security update for go1.24
This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...
CVE-2025-62475
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful...
SUSE-SU-2025:03547-1 Security update for go1.25
This update for go1.25 fixes the following issues: go1.25.2 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the runtime, and the...
AlmaLinux 10 : buildah (ALSA-2025:9148)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9148 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...
EUVD-2021-14457
Malware in sbrugna...
EUVD-2025-10828
Malicious code in bioql PyPI...
RLSA-2025:9063 Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...
RHEL 9 : opentelemetry-collector (RHSA-2025:15887)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15887 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: net/http: Sensitive headers not cleared on cross-origin...
RHEL 9 : OpenShift Container Platform 4.19.11 (RHSA-2025:15291)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15291 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
Important: oci-add-hooks
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
CVE-2023-51391
A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service...
CVE-2025-4901
CVE-2025-4901 affects D-Link DI-7003GV2 (HTTP Endpoint component). The vulnerable element is the function sub_41E304 in the file /H5/state_view.data, whose manipulation leads to information disclosure. Exploitation is described as possible only within the local network. Multiple connected sources...
CVE-2025-30726
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...
Micrium OS Network HTTP Server Security Vulnerability
Micrium OS Network HTTP Server is an application from Micrium Corporation, USA. A security vulnerability exists in Micrium OS Network HTTP Server that stems from the presence of an invalid pointer dereference, resulting in a device crash and a denial-of-service (DoS) attack...
PT-2024-3098 · Micrium · Micrium Os Network Http Server
Name of the Vulnerable Software and Affected Versions: Micrium OS Network HTTP Server affected versions not specified Description: A bug in the Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing, potentially allowing a device crash and Denial of Service...
AZL-34761 CVE-2022-41725 affecting package golang for versions less than 1.19.5-1
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as the Copy as cURL feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website...
CVE-2020-14569
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2018-3120
Vulnerability in the MICROS Lucas component of Oracle Retail Applications subcomponent: Security. Supported versions that are affected are 2.9.5.6 and 2.9.5.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Lucas. Successful...
CVE-2018-3068
Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products subcomponent: Compensation. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...