29 matches found
CVE-2026-6238
A flaw was found in glibc GNU C Library. The deprecated functions nsprintrrf, nsprintrr, and fpnquery do not properly validate the length of RDATA Resource Record Data in a DNS Domain Name System response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could...
SUSE CVE-2026-5435
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...
SUSE CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...
CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...
CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...
UBUNTU-CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...
EUVD-2026-26071
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...
CVE-2026-5435
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...
CVE-2026-5435
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...
CVE-2026-5435
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...
EUVD-2026-26036
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...
CVE-2026-5435
CVE-2026-5435 affects the GNU C Library (glibc) where deprecated functions for printing TSIG records (ns_printrrf, ns_printrr, fp_nquery) do not respect caller buffer lengths, enabling an out-of-bounds write in versions 2.2 and newer. This can lead to a denial of service and, in some scenarios, p...
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...
xous has unsound usages of `core::slice::from_raw_parts`
We consider asslice and asslicemut unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated fromparts. We consider that fromparts should be removed in latest version because it will help trigger...
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does itself not have ownership of the value. At any point the last strong reference could be cleared and the borrowed value would become dangling. In PyO3 0.22.4...
SUSE-SU-2023:4974-1 Security update for distribution
This update for distribution fixes the following issues: distribution was updated to 2.8.3 bsc1216491: Pass BUILDTAGS argument to go build Enable Go build tags reference: replace deprecated function SplitHostname Dont parse errors as JSON unless Content-Type is set to JSON update to go 1.20.8 Set...
CVE-2023-49587
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...
Usage of deprecated Chainlink functions
Lines of code Vulnerability details Impact The Chainlink functions latestAnswer and getAnswer are deprecated. Instead, use the latestRoundData and getRoundData functions. Proof of Concept Go to and search for latestAnswer or getAnswer. You'll find the deprecation notice. Tools Used none Recommend...
SUSE-SU-2021:2010-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: python-JWT was updated to 1.5.3. bsc1186173 update to version 1.5.3: Changed + Increase required version of the cryptography package to =1.4.0. Fixed + Remove uses of deprecated functions from the cryptography package. + Warn about missing...
SUSE-RU-2021:1414-1 Recommended update for boost-legacy
This update for boost-legacy fixes the following issues: Create a new boost-legacy package with version 1.66.0. bsc1175886, jscSLE-17304, jscECO-3147 - Remove duplicate license package that we get from original Boost - Add a backport of Boost.Optional::hasvalue for LibreOffice - Use %license...