24 matches found

RedHat Linux
added 2026/06/22 9:1 p.m., 5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5 CVSS, 7.4 AI score, 0.00728 EPSS
Exploits: 0, References: 8

RedHat Linux
added 2026/06/04 1:27 p.m., 7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 8

RedHat Linux
added 2026/05/20 5:28 p.m., 11 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 8

RedHat Linux
added 2026/05/19 6:26 p.m., 9 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 8

RedHat Linux
added 2026/05/19 6:15 p.m., 9 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 8

RedHat Linux
added 2026/05/11 10:53 p.m., 12 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 8

IBM Security Bulletins
added 2026/05/07 7:30 a.m., 5 views

Security Bulletin: Improper Hostname Normalization in Axios Enables NO_PROXY Bypass and SSRF Attacks

Summary: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching an...

9.9 CVSS, 5.7 AI score, 0.01186 EPSS
Exploits: 1, Affected Software: 1

RedHat Linux
added 2026/05/05 9:28 a.m., 8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 8

OSV
added 2026/04/23 7:49 p.m., 12 views

CLSA-2026-1776954912 osbuild-composer: Fix of CVE-2026-25679

rebuild with newer golang 1.25.7-1.el96.tuxcare.els2 to fix CVE-2026-25679 net/url: reject IPv6 literal not at start of host...

7.5 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2026/04/20 5:0 p.m., 13 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5 CVSS, 5.8 AI score, 0.00728 EPSS
Exploits: 0, References: 8

OSV
added 2026/04/16 7:24 a.m., 5 views

SUSE-SU-2026:21200-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.8 bsc1244485: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27139: os: FileInfo can escape from a Root bsc1259268. - CVE-2026-27142: html/template: URLs in meta content attribute actio...

7.5 CVSS, 5.8 AI score, 0.00728 EPSS
Exploits: 0, References: 8

RedHat Linux
added 2026/04/13 4:21 p.m., 7 views

Important: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.6 CVSS, 7.1 AI score, 0.00728 EPSS
Exploits: 0, References: 3

EUVD
added 2026/04/09 5:32 p.m., 9 views

EUVD-2025-209381

Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF...

9.3 CVSS, 5.9 AI score, 0.01186 EPSS
Exploits: 1, References: 7

Tenable Nessus
added 2026/03/25 12:0 a.m., 2 views

SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:0993-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0993-1 advisory. Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. -...

7.5 CVSS, 6.2 AI score, 0.00728 EPSS
Exploits: 0, References: 17

OSV
added 2026/03/23 4:35 p.m., 3 views

SUSE-SU-2026:0977-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

10 CVSS, 5.9 AI score, 0.00765 EPSS
Exploits: 1, References: 12

OpenVAS
added 2021/11/16 12:0 a.m., 26 views

Mozilla Firefox Security Advisory (MFSA2012-02) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

5 CVSS, 9.6 AI score, 0.02161 EPSS
Exploits: 0, References: 4

Hacker One
added 2019/09/04 6:47 p.m., 21 views

curl: Incorrect IPv6 literal parsing leads to validated connection to unexpected https server.

Summary: The IPv6 ip address can be specified with square brackets like [fe80::3]. There can also be a zone id specified like [fe80::3%15]. A URL can specify its hostname with IPv6 literal. It seems that the parsing in curl library is not complete. For instance, it is possible for particular IPv6...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2012/02/07 12:0 a.m., 36 views

Mozilla Thunderbird 3.1.x Multiple Vulnerabilities

Binary data 801371.prm...

10 CVSS, 9 AI score, 0.36511 EPSS
Exploits: 11, References: 11

Tenable Nessus
added 2012/02/07 12:0 a.m., 22 views

Mozilla Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities

Binary data 6307.prm...

10 CVSS, 9 AI score, 0.36511 EPSS
Exploits: 11, References: 11

OpenVAS
added 2012/02/06 12:0 a.m., 27 views

Mandriva Update for mozilla MDVSA-2012:013 (mozilla)

Check for the Version of mozilla OpenVAS Vulnerability Test Mandriva Update for mozilla MDVSA-2012:013 mozilla Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

10 CVSS, 0.9 AI score, 0.36511 EPSS
Exploits: 11, References: 2