15 matches found
UBUNTU-CVE-2026-45409
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
CVE-2026-45409
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
CVE-2026-45409
CVE-2026-45409 affects Python’s IDNA handling (idna.encode) in Python-idna. A specially crafted input could cause heavy resource consumption and potential DoS. The issue mirrors CVE-2024-3651; fixes were extended in 3.14–3.15 to reject long inputs earlier and more broadly (per-label conversions a...
EUVD-2026-34921
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the idna.encode function when processing very large domain name inputs that exploit the validcontexto function before length validation. This is triggered by arbitrarily large inputs th...
Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...
Updated xrdp packages fix security vulnerability
xrdp improperly checks bounds of domain string length, which leads to Stack-based Buffer Overflow. CVE-2025-68670...
CVE-2025-68670
CVE-2025-68670 affects xrdp and related components (e.g., xorgxrdp). The bug is an unauthenticated, stack-based buffer overflow caused by improper bounds checking when processing user domain information during the connection sequence. Exploitation could lead to remote code execution with network ...
SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2025:4264-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...
多款Qualcomm产品缓冲区错误漏洞
Qualcomm MDM9206 and others are products of Qualcomm Incorporated.MDM9206 is a central processing unit CPU product.MDM9607 is a central processing unit CPU product.MDM9640 is a central processing unit CPU product. A buffer error vulnerability exists in various Qualcomm components, which stems fro...
Contiki 缓冲区错误漏洞
Nut/OS is a modular, open-source real-time operating system for embedded platforms. A denial of service and remote code execution vulnerability exists in the DNS implementation in Ethernut in Nut/OS 5.1. The vulnerability stems from using the length byte of a domain name in a DNS query/response f...
Ipswitch WS_FTP Server 1.0.x/2.0.x 'STAT' Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3507/info WSFTP Server, a popular FTP server for Microsoft Windows platforms, is vulnerable to a buffer overflow condition when a user submits a specially crafted legitimate FTP command. WSFTP Server by default runs as a...
RE: DoS code for Cisco VLAN Trunking Protocol Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, This is Paul Oxman with Cisco PSIRT. For mitigations and workarounds, please consult the Cisco Security Response available at: http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml Regards From: showrun.lee mailto:[email protected]...