net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the insufficient validation of host/authors during the url.Parse function. This allo...

PT-2026-21652

Name of the Vulnerable Software and Affected Versions Craft versions 4.5.0-RC1 through 4.16.18 Craft versions 5.0.0-RC1 through 5.8.22 Description Craft is a content management system CMS. The SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4...

EUVD-2012-3040

Malware in sbrugna...

PSF-2025-1

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

openSUSE Security Advisory (SUSE-SU-2025:0285-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24 (SUSE-SU-2025:0285-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0285-1 advisory. This update ships go1.24rc2 bsc1236217. - CVE-2024-45341: Properly check for IPv6 hosts in URIs...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23 (SUSE-SU-2025:0280-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0280-1 advisory. - Update to go1.23.5 bsc1229122 - CVE-2024-45341: Properly check for IPv6 hosts in URIs bsc12360...

CVE-2012-3062

Cisco IOS before 15.11SY, when Multicast Listener Discovery MLD snooping is enabled, allows remote attackers to cause a denial of service CPU consumption or device crash via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193...

Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-486-1

Ubuntu Update for Linux kernel vulnerabilities USN-486-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4861.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-486-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...