346 matches found
CVE-2025-1933 JIT corruption of WASM i32 return values on 64-bit CPUs
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
Python Improper Encoding of Output Vulnerability (Feb 2025) - Linux
Python is prone to an improper encoding of output vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
CVE-2025-1795
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted...
UBUNTU-CVE-2022-49321
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: treat all calls not a bcall when bcserv is NULL When a rdma server returns a fault format reply, nfs v3 client may treats it as a bcall when bc service is not exist. The debug message at rpcrdmabcreceivecall are,...
CVE-2024-3220
CVE-2024-3220 affects the CPython standard library mimetypes module. On Windows, the default known-file locations (and on other platforms via the same locations) are writable, allowing a user to create invalid files and potentially trigger MemoryError at Python startup or cause mis-interpretation...
CVE-2022-3224
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
EulerOS 2.0 SP8 : wget (EulerOS-SA-2025-1130)
According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data...
SUSE CVE-2024-56656
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X P7 chip's HW GRO/LRO interface is very similar to that of the previous generation 5750X or P5. However, the aggregation ID fields in the completion structur...
CLSA-2024-1733245591 pam: Fix of CVE-2024-10963
CVE-2024-10963: fix a flaw found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostnames. There is the new 'nodns' option which should be enabled to fix the CVE...
haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server...
Curl 7.74.0 < 8.10.1 Input Misinterpretation (CVE-2024-9681)
The version of Curl installed on the remote host is between 7.74.0 and prior to 8.10.1. It is, therefore, affected by a potential minor DoS security problem when trying to use HTTPS when that no longer works or a cleartext transmission of data that was otherwise intended to possibly be protected...
CVE-2024-47825 CIDR deny policies may not take effect when a more narrow CIDR allow is present
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSe...
Qt 安全漏洞
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
EulerOS 2.0 SP12 : wget (EulerOS-SA-2024-2518)
According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data...
EulerOS 2.0 SP12 : wget (EulerOS-SA-2024-2543)
According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
SUSE CVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...
Moderate: Red Hat Security Advisory: wget security update
An update for wget is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
RHEL 8 : wget (RHSA-2024:6208)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6208 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...
RHEL 9 : wget (RHSA-2024:6438)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6438 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...