20 matches found
PT-2026-8018
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...
CLEANSTART-2026-PY85990 tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing
Security vulnerability affects the prometheus package. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...
Important: amazon-ssm-agent
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Linux Distros Unpatched Vulnerability : CVE-2025-22872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, thi...
llama.cpp 安全漏洞
llama.cpp is a multimodal model by the individual developer Georgi Gerganov. A security vulnerability exists in versions of llama.cpp prior to b5721, which stems from the presence of signed and unsigned integer overflows in the tokenizer implementation, which could lead to a heap overflow...
SUSE CVE-2025-22872
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-65664 CVE-2025-22872 affecting package nvidia-container-toolkit for versions less than 1.17.8-3
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60492 CVE-2025-22872 affecting package ig for versions less than 0.37.0-4
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60523 CVE-2025-22872 affecting package sriov-network-device-plugin for versions less than 3.7.0-4
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-61812 CVE-2025-22872 affecting package cri-o 1.30.1-1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-65667 CVE-2025-22872 affecting package nvidia-container-toolkit for versions less than 1.17.8-2
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60450 CVE-2025-22872 affecting package keda for versions less than 2.14.1-7
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60586 CVE-2025-22872 affecting package cri-tools for versions less than 1.29.0-8
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60479 CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60604 CVE-2025-22872 affecting package packer for versions less than 1.9.5-13
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60486 CVE-2025-22872 affecting package containerd2 for versions less than 2.0.0-9
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60502 CVE-2025-22872 affecting package cni-plugins for versions less than 1.3.0-8
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60554 CVE-2025-22872 affecting package packer for versions less than 1.9.5-9
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60537 CVE-2025-22872 affecting package kubevirt for versions less than 1.2.0-17
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
Internet Bug Bounty: tokenizer crash when processing undecodable source code
http://bugs.python.org/issue25388...