Lucene search
K

20 matches found

OSV
OSV
added 2026/02/04 7:37 a.m.4 views

SUSE-SU-2026:0375-1 Security update for libvirt

This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...

5.5CVSS6.4AI score0.00204EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.6 views

CVE-2019-11340

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowedlocal3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...

5.9CVSS6.7AI score0.01861EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 8:1 a.m.3 views

SUSE-SU-2026:0079-1 Security update for libvirt

This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...

5.5CVSS5.8AI score0.00204EPSS
Exploits0References6
OSV
OSV
added 2026/01/08 12:22 p.m.7 views

SUSE-SU-2026:0068-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML bsc1253278...

5.5CVSS5.8AI score0.00204EPSS
Exploits0References5
OSV
OSV
added 2026/01/05 4:8 p.m.6 views

CLSA-2026-1767629333 python2: Fix of CVE-2025-0938

CVE-2025-0938: disallow square brackets in domain names for parsed URLs to prevent differential URL parsing...

6.3CVSS6.5AI score0.01499EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-14554

Malware in sbrugna...

7.5CVSS8.4AI score0.01862EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2025/06/24 7:26 a.m.8 views

Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.5. Security issues fixed: CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter="data" bsc1244032 CVE-2025-4516: use-after-free in the unicode-escape decoder when using...

8.7CVSS7.8AI score0.0188EPSS
Exploits14References40
SUSE Linux
SUSE Linux
added 2025/05/23 1:55 p.m.2 views

Security update for python311

This update for python311 fixes the following issues: Updated to 3.11.12: gh-131809: Updated bundled libexpat to 2.7.1 gh-131261: Upgraded to libexpat 2.7.0 CVE-2025-0938: Fixed functions urllib.parse.urlsplit and urlparse accepting domain names including square brackets bsc1236705 gh-121284: Fix...

6.3CVSS7.4AI score0.01499EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/03 12:0 a.m.39 views

Browser Use 安全漏洞

Browser Use is an open source application from Browser Use. Allows AI agents to access websites. A security vulnerability exists in versions of Browser Use prior to 0.1.45 that stems from improper URL parsing of alloweddomains, which could lead to user information being placed in the authorizatio...

4CVSS6.2AI score0.00445EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/02/13 4:11 p.m.1 views

Security update for python312

This update for python312 fixes the following issues: CVE-2025-0938: Functions urllib.parse.urlsplit and urlparse accept domain names including square brackets bsc1236705. CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines bsc1234290. Other bugfixes: Position of SUSE...

8.7CVSS7.7AI score0.0188EPSS
Exploits0References10
OSV
OSV
added 2025/01/31 6:15 p.m.6 views

AZL-56343 CVE-2025-0938 affecting package python3 for versions less than 3.9.19-10

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.3 views

SUSE CVE-2017-5450

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...

7.5CVSS8.4AI score0.01862EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.2 views

SUSE CVE-2020-24336

An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. Thi...

9.8CVSS9.6AI score0.58695EPSS
Exploits0References3
OSV
OSV
added 2023/02/14 6:15 p.m.1 views

DEBIAN-CVE-2023-25566

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the...

7.5CVSS7.3AI score0.01103EPSS
Exploits0References1
Huntr
Huntr
added 2021/09/20 1:43 p.m.14 views

in osticket/osticket

Description The URL parser incorrectly parses the URL given IFrame src attributes. An attacker is able to inject iframe elements linking to arbitrary domains which can be viewed by admins, bypassing the embedded domain whitelist. Proof of Concept will render malicious-server site rather than...

6.1AI score
Exploits0
Veracode
Veracode
added 2019/12/06 6:9 a.m.10 views

Denial Of Service (DoS)

validators is vulnerable to denial of service DoS. The vulnerability exists as python would get stuck in an infinite loop when validators.domain parses a string with multiple...

7.5CVSS3.1AI score0.01171EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

CVE-2017-5450

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...

7.5CVSS5.6AI score0.01862EPSS
Exploits1References4
Prion
Prion
added 2018/06/11 9:29 p.m.17 views

Design/Logic Flaw

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...

5CVSS7AI score0.01862EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.24 views

CVE-2017-5450

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...

7.6AI score0.01862EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2014/09/10 8:0 a.m.8 views

cookie leak with IP address as domain

By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application...

5CVSS7.3AI score0.07432EPSS
Exploits0Affected Software2
Rows per page
Query Builder