13 matches found
Alibaba Cloud Linux 3 : 0157: libyang (ALINUX3-SA-2026:0157)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2026:0157 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-44673: libyang is a YANG data modeling...
Incomplete Comparison with Missing Factors
Overview Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors in the hasvaryheader function. An attacker can gain access to cached responses intended for other users by sending requests with whitespace-padded Vary header values. Remediation Upgrade django...
PYSEC-2026-197
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...
CVE-2026-7666
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...
CVE-2026-6873
CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...
PT-2026-45944
Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description The django.utils.cache.has vary header function does not strip leading or trailing whitespace from Vary response header values before comparison. This allows remote...
SUSE CVE-2026-44673
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer NETCONF server...
CVE-2026-44673
CVE-2026-44673 affects libyang. The issue is an integer overflow in lyb_read_string() in src/parser_lyb.c, leading to a heap buffer overflow when parsing malicious LYB binary blobs. Affected path includes any libyang consumer that processes LYB data (e.g., NETCONF servers, sysrepo). Impact is cra...
libyang 输入验证错误漏洞
LibYang is an open-source YANG data modeling language parser and toolkit developed in C language by CESNET. Versions of LibYang prior to 5.2.15 contained a vulnerability related to input validation errors. This vulnerability stemmed from an integer overflow in the lybreadstring function, which...
PT-2026-41121
Name of the Vulnerable Software and Affected Versions libyang versions prior to 5.2.15 Description The lyb read string function in src/parser lyb.c contains an integer overflow. This occurs when parsing a maliciously crafted LYB binary blob, leading to a heap buffer overflow. An attacker capable ...
WordPress Ultimate Product Catalog plugin <= 5.2.15 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Ultimate Product Catalogue versions = 5.2.15...
SUSE CVE-2010-4150
Double free vulnerability in the imapdoopen function in the IMAP extension ext/imap/phpimap.c in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code via unspecified vectors...
PT-2021-3400 · Unknown · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.2.x prior to 5.2.15 Spring Framework versions 5.3.x prior to 5.3.7 Description: The issue is caused by privilege management errors in the Spring Framework platform. Exploitation of this issue may allow an attacker ...