14 matches found
OPENSUSE-SU-2026:20584-1 Security update for v2ray-core
This update for v2ray-core fixes the following issues: Changes in v2ray-core: - Update version to 5.47.0 Add sticky choice option for leastping Add support for enrollment links in tlsmirror Add Wireguard Outbound unreleased Add sticky choice option for leastping Generalize IP address parsing in T...
MiracleLinux 8 : rust-toolset:rhel8 (AXSA:2021-2857:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2857:01 advisory. rust: incorrect parsing of extraneous zero characters at the beginning of an IP address string CVE-2021-29922 Tenable has extracted the preceding description...
Important: containerd
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: golist
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
OpenPLC Security Vulnerability
OpenPLC is an open source programmable logic controller from the individual developer Thiago Alves. It can provide low-cost industrial solutions for automation and research. A security vulnerability exists in OpenPLC that stems from the EtherNet/IP parsing function mishandling specific requests,...
SUSE CVE-2017-13022
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ipprintroute...
golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
PT-2021-6618 · Go +5
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17 Description: The issue is related to the incorrect handling of extraneous zero characters at the beginning of an IP address octet, allowing attackers to bypass access control based on IP addresses due to unexpected...
Exploit for CVE-2020-0609
This is a PoC exploit for CVE-2020-0609 and CVE-2020-0610, two v...
Fedora 23 : mediawiki-1.26.2-1.fc23 (2015-5567dd228a)
Changes since 1.26.1 bug T121892 Various special pages resulted in fatal errors. Changes since 1.26.0 bug T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as...
Fedora 22 : mediawiki-1.26.2-1.fc22 (2015-56543978e8)
Changes since 1.26.1 bug T121892 Various special pages resulted in fatal errors. Changes since 1.26.0 bug T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as...
FreeBSD : mediawiki -- multiple vulnerabilities (f36bbd66-aa44-11e5-8f5c-002590263bf5)
MediaWiki reports: T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as 'http://my.wiki.com/wiki/$1' are fine, as are '/wiki/$1'. A value such as '$1' or 'wiki/$1' is not and will no...
mediawiki: multiple issues
CVE-2015-8622: T117899 XSS from wikitext when $wgArticlePath='$1'. Internal review discovered an XSS vector when MediaWiki is configured with a non-standard configuration. - CVE-2015-8624: T119309 User::matchEditToken should use constant-time string comparison. Internal review discovered that...
mediawiki -- multiple vulnerabilities
MediaWiki reports: T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now...