Linux Distros Unpatched Vulnerability : CVE-2018-14881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgpcapabilitiesprint BGPCAPCODERESTART. CVE-2018-14881 Note that Nessus relies on t...

Linux Distros Unpatched Vulnerability : CVE-2014-0191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7....

Linux Distros Unpatched Vulnerability : CVE-2017-13005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xidmapenter. CVE-2017-13005 Note that Nessus relies on the presence of the package ...

Linux Distros Unpatched Vulnerability : CVE-2017-13028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootpprint. CVE-2017-13028 Note that Nessus relies on the presence of the packa...

Denial Of Service (DoS)

Passenger is vulnerable to Denial Of Service DoS. The vulnerability is due to an issue in the HTTP parser during the parsing of a request with an invalid HTTP method, allowing an attacker to exploit this issue...

Medium: python3

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 There ...

Phusion Passenger 安全漏洞

Phusion Passenger is a fast and powerful web server and application server from Phusion Open Source. A security vulnerability exists in Phusion Passenger versions 6.0.21 through 6.0.25 that originates in a denial of service when the HTTP parser resolves an invalid HTTP method...

CVE-2024-45774

CVE-2024-45774 affects grub2 (GRUB) with a heap out-of-bounds write in the JPEG parser caused by improper internal-buffer bounds checks. The issue can lead to leakage or overwrite of sensitive data and potentially bypass secure boot protections. Affected packages are grub2; multiple sources indic...

CVE-2025-1373 FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function movreadtrak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...

Azure Linux 3.0 Security Update: expat / python3 (CVE-2024-50602)

The version of expat / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50602 advisory. - An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2025-1188)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Azure Linux 3.0 Security Update: mysql (CVE-2024-7264)

The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7264 advisory. - libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If...

CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

CVE-2024-43405

Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-839)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-839 advisory. A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings...

CVE-2025-0938

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

CVE-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

PT-2025-1299

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.29 Cacti versions prior to 1.2.24+ds1-1+deb12u5 Cacti versions prior to 1.2.16+ds1-2+deb11u5 Description Cacti, a web interface for graphing of monitoring systems, contains a flaw in its multi-line SNMP result parse...

RLSA-2025:0314 Important: raptor2 security update

Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. Security Fixes: raptor: integer underflow when normalizing a URI with the turtle parser CVE-2024-57823 For more details about the security issues, including th...

BIT-PYTHON-MIN-2024-50602

An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser...