317 matches found
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: A use-after-free (UAF) error occurs during login when accessing the host’s IP address. If the iscsi_tcp_r2tpool_alloc function fails during iscsi_sw_tcp_session_create, user space may access the host’s IP address. If t...
Astra Linux - vulnerability in linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fixed a use-after-free (UAF) exception during logout when accessing the shost ipaddress attribute. Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress...
Astra Linux - vulnerability in python-ipaddress
The Lib/ipaddress.py module in Python up to version 3.8.3 incorrectly calculates hash values for the IPv4Interface and IPv6Interface classes. This may allow a remote attacker to cause a denial of service if an application relies on the performance of a dictionary containing IPv4Interface or...
SUSE CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
CLSA-2026-1778880543 python3: Fix of CVE-2024-4032
CVE-2024-4032: fix incorrect is_private/is_global ranges in ipaddress module...
CLSA-2026-1778932682 python3: Fix of CVE-2024-4032
CVE-2024-4032: update ipaddress module to reflect latest IANA Special-Purpose Address Registries...
ROS-20260505-73-0078
A vulnerability in the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address and ipaddress.IPv6Network classes of the ipaddress module of the Python programming language interpreter CPython is related to incorrect IP address range validation. Exploitation of the vulnerability could...
ROS-20260505-73-0079
A vulnerability in the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address and ipaddress.IPv6Network classes of the ipaddress module of the Python programming language interpreter CPython is related to incorrect IP address range validation. Exploitation of the vulnerability could...
ROS-20260505-73-0077
A vulnerability in the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address and ipaddress.IPv6Network classes of the ipaddress module of the Python programming language interpreter CPython is related to incorrect IP address range validation. Exploitation of the vulnerability could...
Astra Linux - vulnerability in python3.11, python3.7
The “ipaddress” module contained incorrect information regarding whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011337)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011337 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013172)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013172 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis...
CVE-2026-5844
A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...
D-Link DIR-882 OS command injection vulnerability
The D-Link DIR-882 is a dual-band wireless router produced by D-Link Corporation. The D-Link DIR-882 version 1.01B02 has a vulnerability related to operating system command injection. This vulnerability stems from an error in the sprintf function in the prog.cgi file within the HNAP1...
CVE-2026-5353
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the buildCannedPolicy and buildCustomPolicy functions in the CloudFront signing utilities. An attacker can alter the generated CloudFront policy document and weaken access restrictions by...
NewStart CGSL MAIN 6.06 : python3_11 Vulnerability (NS-SA-2025-0241)
The remote NewStart CGSL host, running version MAIN 6.06, has python311 packages installed that are affected by a vulnerability: - The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the...
MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2022-2905:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2905:01 advisory. python: Information disclosure via pydoc CVE-2021-3426 python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 python-lxml:...
MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2022-2898:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2898:01 advisory. python-psutil: Double free because of refcount mishandling CVE-2019-18874 python-jinja2: ReDoS vulnerability in the urlize filter CVE-2020-28493...
CVE-2025-15048
A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...