6984 matches found
EUVD-2025-34125
Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it h...
KB5066877: Windows Server 2008 Security Update (October 2025)
The remote Windows host is missing security update 5066877. It is, therefore, affected by multiple vulnerabilities - tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual til...
PT-2025-41837
Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS ABAP and ABAP Platform affected versions not specified Description A memory corruption issue exists in SAP NetWeaver AS ABAP and ABAP Platform. An unauthenticated attacker can exploit this by sending a corrupted SAP Logon Tick...
Fortinet FortiOS SSL-VPN 代码问题漏洞
Fortinet FortiOS SSL-VPN is a VPN software from Fortinet, Inc. A code issue vulnerability exists in Fortinet FortiOS SSL-VPN that stems from insufficient session expiration, which could allow a remote attacker to reopen a session by reusing SAML records. The following versions are affected:...
SUSE CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
Summary The sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and the non-default escapemode=1 is configured. Details The method ldap.filter.escapefilterchars supports 3...
DEBIAN-CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
AZL-68430 CVE-2025-61911 affecting package python-ldap 3.4.4-1
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
UBUNTU-CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...
CVE-2025-61911
Summary: The issue CVE-2025-61911 affects python-ldap up to version 3.4.4 (pre-3.4.5). When using ldap.filter.escape_filter_chars with escape_mode=1, the function can fail to fully escape characters if assertion_value is a crafted list or dict, risking LDAP injection. The 3.4.5 fix adds a type ch...
GHSA-47M2-4CR7-MHCW quic-go: Panic occurs when queuing undecryptable packets after handshake completion
Summary A misbehaving or malicious server can trigger an assertion in a quic-go client and crash the process by sending a premature HANDSHAKEDONE frame during the handshake. Impact A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an...
quic-go: Panic occurs when queuing undecryptable packets after handshake completion
Summary A misbehaving or malicious server can trigger an assertion in a quic-go client and crash the process by sending a premature HANDSHAKEDONE frame during the handshake. Impact A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an...
DEBIAN-CVE-2025-59530
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...
JLSEC-2025-15 An issue was discovered in cairo 1.16.0
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function cairoarcindirection in the file cairo-arc.c...
python-ldap 安全漏洞
python-ldap is a python foundation LDAP client API for Python. A security vulnerability exists in python-ldap versions prior to 3.4.5, which stems from the ldap.filter.escapefilterchars method not properly handling the assertionvalue parameter of type list or dict in escapemode=1 mode, which coul...