31 matches found
GHSA-C2P3-7M5P-CV8X Symfony hardened the parser when handling untrusted input
Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...
Linux Distros Unpatched Vulnerability : CVE-2026-39825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses...
CVE-2026-39825
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could result in a potential denial of service
Summary Due to the use of the Jackson Data Processor, Rational Performance Tester contains vulnerabilities that could result in a potential denial of service attack. CVE-2025-52999, CVE-2022-0468 Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2025:02778-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02778-1 advisory. - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler...
OESA-2025-2828 golang security update
Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses...
OESA-2025-2826 golang security update
Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses...
Servify Express Resource Management Error Vulnerability
Servify Express is an express parcel form server by the individual developer Aaron Doran. A resource management error vulnerability exists in Servify Express versions prior to 1.2 that stems from the Express server not setting a JSON parsing size limit, which could lead to a denial of service...
TencentOS Server 4: golang (TSSA-2024:0626)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0626 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Important: docker
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: golist
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: oci-add-hooks
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: golist
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
BIT-GOLANG-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
Lack of limit when parsing cookies can cause memory exhaustion in net/http
...
CVE-2025-58186
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
GO-2025-4012 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...
CVE-2025-61919 Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::Request#POST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.read(nil) without enforcing a length or cap. Large request bodies can therefo...
SUSE SLES12 Security Update : python3 (SUSE-SU-2025:02802-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02802-1 advisory. - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) -...
PT-2025-31590 · Materialx +1 · Materialx +1
Name of the Vulnerable Software and Affected Versions: MaterialX versions 1.39.2 and below Description: MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing an MTLX file with multiple nested nodegraph...