
16937 matches found

CNNVD
added 2025/11/10 12:0 a.m. | 1 views

GNU libmicrohttpd Code Issue Vulnerability

GNU libmicrohttpd is an application from the US GNU community that runs an HTTP server as part of another application. A code issue vulnerability exists in GNU libmicrohttpd 1.0.2 and earlier versions, which stems from the presence of a null pointer dereference that could lead to a denial of service...

8.7 CVSS | 7.3 AI score | 0.00039 EPSS
Exploits: 0 | References: 4
Amazon
added 2025/11/10 12:0 a.m. | 2 views

Important: containerd

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5 CVSS | 6.9 AI score | 0.00044 EPSS
Exploits: 0
Amazon
added 2025/11/10 12:0 a.m. | 1 views

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5 CVSS | 6.9 AI score | 0.00044 EPSS
Exploits: 0
Amazon
added 2025/11/10 12:0 a.m. | 3 views

Important: soci-snapshotter

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5 CVSS | 6.9 AI score | 0.00044 EPSS
Exploits: 0
Tenable Nessus
added 2025/11/10 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gdb (UTSA-2025-990648)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990648 advisory. A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The...

7.8 CVSS | 5.2 AI score | 0.00026 EPSS
Exploits: 1 | References: 4
OSV
added 2025/11/07 12:30 p.m. | 2 views

OESA-2025-2629 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the fil...

5.5 CVSS | 6.8 AI score | 0.00032 EPSS
Exploits: 2 | References: 3
OSV
added 2025/11/07 12:30 p.m. | 2 views

OESA-2025-2628 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A critical vulnerability CWE-122 has been found in GNU Binutils 2.45. This is a heap overflow condition where t...

7.8 CVSS | 7.3 AI score | 0.00032 EPSS
Exploits: 3 | References: 4
OSV
added 2025/11/07 12:30 p.m. | 0 views

OESA-2025-2625 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the fil...

5.5 CVSS | 6.8 AI score | 0.00032 EPSS
Exploits: 2 | References: 3
SUSE Linux
added 2025/11/07 10:31 a.m. | 2 views

Security update for gpg2

This update for gpg2 fixes the following issues: CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

2.7 CVSS | 6.9 AI score | 0.00052 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2025/11/07 12:0 a.m. | 4 views

Amazon Linux 2 : runc, --advisory ALAS2ECS-2025-077 (ALASECS-2025-077)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-077 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6 AI score
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/07 12:0 a.m. | 1 views

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-072 (ALASNITRO-ENCLAVES-2025-072)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-072 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

5.6 AI score
Exploits: 0 | References: 2
OSV
added 2025/11/06 12:58 p.m. | 2 views

BIT-GOLANG-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS | 6.4 AI score | 0.00024 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989583)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989583 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer. Prior to LLVM 15.0.0, LLVM's...

5.5 CVSS | 6 AI score | 0.00015 EPSS
Exploits: 0 | References: 4
OSV
added 2025/11/04 4:13 p.m. | 4 views

MGASA-2025-0256 Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

7.5 CVSS | 6.6 AI score | 0.00044 EPSS
Exploits: 0 | References: 3
OSV
added 2025/11/03 3:23 p.m. | 2 views

JLSEC-2025-197 GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c...

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

4.1 CVSS | 6.9 AI score | 0.0013 EPSS
Exploits: 1 | References: 6
RedhatCVE
added 2025/11/03 1:51 p.m. | 2 views

CVE-2025-58183

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

7.5 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits: 0 | References: 7
Apple
added 2025/11/03 12:0 a.m. | 35 views

About the security content of Xcode 26.1

About the security content of Xcode 26.1 This document describes the security content of Xcode 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

8.8 CVSS | 6 AI score | 0.0008 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Apple
added 2025/11/03 12:0 a.m. | 1143 views

About the security content of Xcode 26.1

About the security content of Xcode 26.1 This document describes the security content of Xcode 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

8.8 CVSS | 7.1 AI score | 0.0008 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/10/31 2:13 p.m. | 2 views

OESA-2025-2569 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the...

7.8 CVSS | 7.1 AI score | 0.00026 EPSS
Exploits: 1 | References: 2
OSV
added 2025/10/31 2:13 p.m. | 3 views

OESA-2025-2568 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the...

7.8 CVSS | 7.1 AI score | 0.00026 EPSS
Exploits: 1 | References: 2