16 matches found
RHEL 9 : git-lfs (RHSA-2026:10712)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:10712 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...
CVE-2025-12106
Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...
USN-7348-1: Python vulnerabilities
It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu...
Weston Embedded uC-FTPs PORT command parameter extraction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2022-1681 Weston Embedded uC-FTPs PORT command parameter extraction out-of-bounds read vulnerability May 10, 2023 CVE Number CVE-2022-46377,CVE-2022-46378 SUMMARY An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of...
RHEL 8 : Red Hat OpenStack Platform 16.2 (golang-github-vbatts-tar-split) (RHSA-2022:0998)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0998 advisory. Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet CVE-2021-29923 crypto/tls:...
lib60870代码问题漏洞
lib60870 is a C language library based on the IEC60870-5 protocol. The library provides support for CompanionStandard 101 CS101 and 104 CS104 of the IEC family of standards for remote control applications IEC60870-5 and is commonly used in power systems for communication between central station...
OESA-2021-1402 golang security update
The go programming language Security Fixes: Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format.CVE-2021-33195 In...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
DEBIAN-CVE-2021-29923
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...
DEBIAN-CVE-2021-29922
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation...
CVE-2019-5180
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
Cookie Leak
libcurl.so is vulnerable to cookie leak. A remote attacker is able to set or send arbitrary cookies for certain sites. libcurl.so parses IP addresses similar to domain names, where a site with an IP address of 192.168.0.1 can set or send cookies for another site ending with .168.0.1...
Cookie Leak
libcurl.so is vulnerable to cookie leak. A remote attacker is able to set or send arbitrary cookies for certain sites. libcurl.so parses IP addresses similar to domain names, where a site with an IP address of 192.168.0.1 can set or send cookies for another site ending with .168.0.1...
MediaWiki < 1.23.12 / 1.24.5 / 1.25.4 / 1.26.1 Multiple Vulnerabilities
Binary data 9473.prm...
Apache 1.3: Multiple vulnerabilities
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description On...