6865 matches found

OSV
added 2025/10/29 11:16 p.m., 4 views

UBUNTU-CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

CVSS 7.5, AI score 6.7, EPSS 0.00044
Exploits: 0, References: 6
Vulnrichment
added 2025/10/29 10:10 p.m., 1 view

CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...

AI score 6.5, EPSS 0.00024
Exploits: 0, References: 4
Cvelist
added 2025/10/29 10:10 p.m., 4 views

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

EPSS 0.00044
Exploits: 0, References: 4
Snyk
added 2025/10/29 9:48 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: std/net/mail is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The ParseAddress function constructs domain-literal address components through repeated string...

CVSS 8.7, AI score 6.9, EPSS 0.00044
Exploits: 0, References: 3
CNNVD
added 2025/10/29 12:00 a.m., 1 view

Google Go Security Vulnerability

Google Go is a static strongly-typed, compiled, concatenated, and garbage-collected programming language from Google, Inc USA. A security vulnerability exists in Google Go that stems from the Parse function not properly validating the IPv6 address format within square brackets in the URL host...

CVSS 5.3, AI score 6.4, EPSS 0.00024
Exploits: 0, References: 5
RedhatCVE
added 2025/10/27 7:25 a.m., 2 views

CVE-2025-12198

A heap-based buffer overflow vulnerability in dnsmasq within the parsehex function of src/util.c. When parsing malformed DHCP option values in configuration files, dnsmasq miscalculates the output length and writes beyond the allocated heap buffer. This can cause a crash (Denial of Service) and, in...

CVSS 6.7, AI score 8.3, EPSS 0.00012
Exploits: 0, References: 7
NVD
added 2025/10/27 1:15 a.m., 1 view

CVE-2025-12200

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

EPSS 0.00012
Exploits: 0
NVD
added 2025/10/27 1:15 a.m., 3 views

CVE-2025-12198

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

EPSS 0.00012
Exploits: 0
EUVD
added 2025/10/27 1:07 a.m., 2 views

EUVD-2025-36059

A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parsedhcpopt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has...

CVSS 4.8, AI score 6.1, EPSS 0.00012
Exploits: 0, References: 5
Cvelist
added 2025/10/27 1:07 a.m., 5 views

CVE-2025-12200

...

EPSS 0.00012
Exploits: 0
Cvelist
added 2025/10/27 12:58 a.m., 6 views

CVE-2025-12198

...

EPSS 0.00012
Exploits: 0
EUVD
added 2025/10/27 12:58 a.m., 3 views

EUVD-2025-36061

A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is the function parsehex of the file src/util.c of the component Config File Handler. The manipulation of the argument i leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVSS 8.5, AI score 6.2, EPSS 0.00012
Exploits: 0, References: 5
Debian CVE
added 2025/10/27 12:58 a.m., 3 views

CVE-2025-12198

Removed by vendor...

AI score 7.7, EPSS 0.00012
Exploits: 0
Vulnrichment
added 2025/10/27 12:58 a.m., 3 views

CVE-2025-12198

...

AI score 7.5, EPSS 0.00012
Exploits: 0
Positive Technologies
added 2025/10/27 12:00 a.m., 2 views

PT-2025-43756

Name of the Vulnerable Software and Affected Versions: dnsmasq versions up to 2.73rc6. Description: A flaw exists in dnsmasq that involves a heap-based buffer overflow. This issue is located within the Config File Handler component, specifically in the parse hex function of the src/util.c file. The...

CVSS 4.4, AI score 6.2, EPSS 0.00012
Exploits: 0, References: 19
Positive Technologies
added 2025/10/27 12:00 a.m., 2 views

PT-2025-43758

Name of the Vulnerable Software and Affected Versions: dnsmasq versions prior to 2.73rc6. Description: A flaw exists in dnsmasq related to the parse dhcp opt function within the Config File Handler component, specifically in the file src/option.c. Manipulation of the argument m can lead to a null...

CVSS 4.8, AI score 6.2, EPSS 0.00012
Exploits: 0, References: 10
Positive Technologies
added 2025/10/27 12:00 a.m., 5 views

PT-2025-47123

Name of the Vulnerable Software and Affected Versions: W3 Total Cache versions prior to 2.8.13. Description: The W3 Total Cache WordPress plugin is affected by a command injection issue through the parse dynamic mfunc function. This allows unauthenticated users to execute arbitrary PHP commands by...

CVSS 9, AI score 8, EPSS 0.02831
Exploits: 1, References: 55
OSV
added 2025/10/24 2:33 p.m., 7 views

OESA-2025-2507 perl-Spreadsheet-ParseExcel security update

The Spreadsheet::ParseExcel module can be used to read information from an Excel 95-2003 file. Security Fixes: Spreadsheet::ParseExcel version 0.65, a Perl module for parsing Excel files, is vulnerable to arbitrary code execution (ACE) due to passing unvalidated input from a file into a string-type...

CVSS 7.8, AI score 7.7, EPSS 0.55712
Exploits: 1, References: 2
Tenable Nessus
added 2025/10/24 12:00 a.m., 5 views

EulerOS 2.0 SP13 : ncurses (EulerOS-SA-2025-2272)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function...

CVSS 4.8, AI score 4.1, EPSS 0.00077
Exploits: 0, References: 2
SUSE CVE
added 2025/10/21 11:47 p.m., 1 view

SUSE CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVSS 5.5, AI score 5.6, EPSS 0.00035
Exploits: 1, References: 3