Amazon Linux 2 : containerd, --advisory ALAS2ECS-2025-079 (ALASECS-2025-079)

The version of containerd installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-079 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-082 (ALASDOCKER-2025-082)

The version of containerd installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-082 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

Amazon Linux 2023 : docker (ALAS2023-2025-1274)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1274 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2025-080 (ALASECS-2025-080)

The version of oci-add-hooks installed on the remote host is prior to 0-0.5.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-080 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values...

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

Amazon Linux 2 : runc, --advisory ALAS2ECS-2025-077 (ALASECS-2025-077)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-077 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

BIT-GOLANG-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

MDaemon Mail Server 安全漏洞

MDaemon Mail Server is an e-mail server software from MDaemon Inc. in the United States. A security vulnerability exists in MDaemon Mail Server version 23.5.2, which originates from a flaw in the use of email validation SPF, DKIM, and DMARC using the pointed brackets in the From header of the SMT...

Astra Linux – Vulnerability in Python 3.11

The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that include square brackets, which is not valid according to RFC 3986. Square brackets are only intended to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could lead to...

EUVD-2025-36735

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

AZL-78905 CVE-2025-47912 affecting package golang 1.25.7-1

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

UBUNTU-CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

CVE-2025-47912

CVE-2025-47912 is addressed in IBM Cloud Pak for Business Automation/IBM Business Automation Workflow container bulletins. The IBM advisories confirm that the vulnerability stems from a parsing flaw in the Parse function: it allows values other than IPv6 addresses to be placed inside square brack...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview std/net/url is a Go standard library package std/net/url Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. Go Vulnerability Report:The Parse function permits values other than IPv6 addresses to be included in...

GO-2025-4010 Insufficient validation of bracketed IPv6 hostnames in net/url

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

Google Go 安全漏洞

Google Go is a static strongly-typed, compiled, concatenated, and garbage-collected programming language from Google, Inc USA. A security vulnerability exists in Google Go that stems from the Parse function not properly validating the IPv6 address format within square brackets in the URL host...

Amazon Linux 2 : golang, --advisory ALAS2-2025-3042 (ALAS-2025-3042)

The version of golang installed on the remote host is prior to 1.24.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3042 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses...