BIT-PYTHON-MIN-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

wfa_dut 安全漏洞

wfadut JC6 is software from the Wi-Fi Alliance USA. A security vulnerability exists in wfadut version 9.0.0 and earlier, which stems from the use of system library functions that are vulnerable to OS command injection...

GNU Emacs Command Injection Vulnerability

GNU Emacs is a family of text editors from the GNU community in the U.S. A command injection vulnerability exists in GNU Emacs version 28.2 and earlier, which stems from lib-src/etags.c's use of system C library functions when implementing the ctags program. An attacker could exploit the...

[SECURITY] Fedora 34 Update: e00compr-1.0.1-28.fc34

E00compr is an ANSI C library that reads and writes Arc/Info compressed E00 files. Both =EF=BF=BD=EF=BF=BD=EF=BF=BDPARTIAL=EF=BF=BD=EF=BF=BD=EF=BF=BD and =EF=BF=BD=EF=BF=BD=EF=BF=BDFULL=EF=BF=BD=EF=BF=BD=EF=BF=BD compression level s are supported. This package can be divided in three parts:...

Fedora: Security Advisory for e00compr (FEDORA-2022-7e94ba673b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

PT-2019-4637 · Cacti +2 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.8 Description: The issue is related to insufficient deserialization mechanisms in the lib/functions.php component of the Cacti network monitoring tool. This could allow a remote attacker to compromise data integrit...

Authorization Bypass

PostgreSQL is vulnerable to authorization bypass. It is because it did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploi...

Information Disclosure

Moodle is vulnerable to information disclosure. The library functions coreenrolgetcourseenrolmentmethods and enrolselfgetinstanceinfo don't check course visibility permissions, allowing a malicious user to access hidden courses...

FreeBSD : FreeBSD -- link_ntoa(3) buffer overflow (0282269d-bbee-11e6-b1cf-14dae9d210b8)

A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. Impact : Due to very limited use of the function in the existing applications, and limited length of the overflow,...

FreeBSD -- link_ntoa(3) buffer overflow

Problem Description: A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. Impact: Due to very limited use of the function in the existing applications, and limited length of t...

Amazon Linux: Security Advisory (ALAS-2011-7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : postgresql8 (ALAS-2015-556)

A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQL did not proper...

CentOS Update for postgresql CESA-2015:1194 centos6

Check the version of postgresql SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882214";...

Solaris 2.6/7.0 /locale Subsystem Format String

No description provided by source. / source: http://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

CentOS Update for netpbm CESA-2011:1811 centos5 x86_64

Check for the Version of netpbm OpenVAS Vulnerability Test CentOS Update for netpbm CESA-2011:1811 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

[SECURITY] Fedora 16 Update: libpng10-1.0.58-1.fc16

The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG Portable Network Graphics image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x...

CentOS Update for libpng10 CESA-2009:0333 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...