20 matches found
SUSE-SU-2026:0375-1 Security update for libvirt
This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...
CVE-2019-11340
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowedlocal3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...
SUSE-SU-2026:0079-1 Security update for libvirt
This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...
SUSE-SU-2026:0068-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML bsc1253278...
CLSA-2026-1767629333 python2: Fix of CVE-2025-0938
CVE-2025-0938: disallow square brackets in domain names for parsed URLs to prevent differential URL parsing...
EUVD-2017-14554
Malware in sbrugna...
Security update for python313
This update for python313 fixes the following issues: Update to version 3.13.5. Security issues fixed: CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter="data" bsc1244032 CVE-2025-4516: use-after-free in the unicode-escape decoder when using...
Security update for python311
This update for python311 fixes the following issues: Updated to 3.11.12: gh-131809: Updated bundled libexpat to 2.7.1 gh-131261: Upgraded to libexpat 2.7.0 CVE-2025-0938: Fixed functions urllib.parse.urlsplit and urlparse accepting domain names including square brackets bsc1236705 gh-121284: Fix...
Browser Use 安全漏洞
Browser Use is an open source application from Browser Use. Allows AI agents to access websites. A security vulnerability exists in versions of Browser Use prior to 0.1.45 that stems from improper URL parsing of alloweddomains, which could lead to user information being placed in the authorizatio...
Security update for python312
This update for python312 fixes the following issues: CVE-2025-0938: Functions urllib.parse.urlsplit and urlparse accept domain names including square brackets bsc1236705. CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines bsc1234290. Other bugfixes: Position of SUSE...
AZL-56343 CVE-2025-0938 affecting package python3 for versions less than 3.9.19-10
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...
SUSE CVE-2017-5450
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...
SUSE CVE-2020-24336
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. Thi...
DEBIAN-CVE-2023-25566
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the...
in osticket/osticket
Description The URL parser incorrectly parses the URL given IFrame src attributes. An attacker is able to inject iframe elements linking to arbitrary domains which can be viewed by admins, bypassing the embedded domain whitelist. Proof of Concept will render malicious-server site rather than...
Denial Of Service (DoS)
validators is vulnerable to denial of service DoS. The vulnerability exists as python would get stuck in an infinite loop when validators.domain parses a string with multiple...
CVE-2017-5450
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...
Design/Logic Flaw
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...
CVE-2017-5450
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...
cookie leak with IP address as domain
By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application...