25 matches found
TencentOS Server 3: osbuild-composer (TSSA-2026:0387)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0387 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
PT-2026-43396
Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch endpoint "chat/api/oss/get url" where inconsistent URL parsing between the urlparse validation function and the requests HTTP client allows for a...
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1572)
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1572 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1)
The version of AOS installed on the remote host is prior to 7.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1 advisory. - A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1482)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1482 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
RHEL 9 : osbuild-composer (RHSA-2026:5327)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5327 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...
RHEL 10 : osbuild-composer (RHSA-2026:3752)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3752 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...
ALSA-2026:3752 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: crypto/x50...
Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted...
CVE-2018-4016
An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
CVE-2025-1211
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery SSRF due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney...
EUVD-2018-15802
Malware in sbrugna...
EUVD-2018-0418
Malware in sbrugna...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...
SUSE-SU-2025:02122-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to MozillaFirefox 128.12.0 MFSA 2025-23, bsc1244670: - CVE-2025-6424: Use-after-free in FontFaceSet - CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID - CVE-2025-6426: No warning when opening...
CVE-2025-47241
In browser-use aka Browser Use before 0.1.45, URL parsing of alloweddomains is mishandled because userinfo can be placed in the authority component...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-899)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-899 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...
CVE-2024-51138
Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier;...
The vulnerability of the module responsible for processing URL addresses of medical image and data management systems, such as Sante PACS Server PG, allows a hacker to trigger a service failure.
The vulnerability of the URL parsing module of the Sante PACS Server PG system is related to insufficient data validation during URL parsing. Exploiting this vulnerability could allow an attacker to cause service interruptions...
CVE-2022-3818
An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance...