Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

RockyLinux 9 : runc (RLSA-2026:29702)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29702 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/26 3:45 a.m.22 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Firefox may have incorrectly parsed a URL and reverted it to the youtube.com domain during parsing of the URL specified in an embed tag. This could have bypassed website security checks that restrict which domains users are allowed to embed. This vulnerability was fixed in Firefox 140, Firefox ES...

6.5CVSS6.7AI score0.00285EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/13 8:8 a.m.14 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/05 10:29 a.m.12 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 5:0 p.m.17 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 12:37 a.m.10 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.7 views

RHEL 10 : git-lfs (RHSA-2026:7005)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:7005 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in python-webob

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user will be redirected to using Python’s urlparse function, and joining that parsed URL to the base URL. However, the...

6.1CVSS6.2AI score0.00497EPSS
Exploits1References3
OSV
OSV
added 2025/10/04 12:11 a.m.5 views

RLSA-2025:6977 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.8CVSS6.6AI score0.01499EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/07/02 5:12 a.m.9 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

6.5CVSS5.8AI score0.00285EPSS
Exploits0References5
CVE
CVE
added 2025/06/24 12:28 p.m.83 views

CVE-2025-6429

CVE-2025-6429 is active in Firefox/Thunderbird . The issue arises from an incorrect URL parse in an embed tag, which could rewrite a URL to youtube.com and bypass domain-embedding security checks. Affected products include Firefox and Thunderbird; versions affected are Firefox < 140 and Firefo...

6.5CVSS6.6AI score0.00285EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/24 12:0 a.m.4 views

Mozilla Firefox ESR < 128.12

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-53 advisory. - The executable file warning did not warn users before opening files with the terminal extension. This b...

9.8CVSS6.2AI score0.03057EPSS
Exploits0References6
OSV
OSV
added 2024/08/23 11:8 a.m.4 views

OESA-2024-2043 python-webob security update

WebOb provides wrappers around the WSGI request environment, and an object to help create WSGI responses. The objects map much of the specified behavior of HTTP, including header parsing and accessors for other standard parts of the environment. Security Fixes: WebOb provides objects for HTTP...

6.1CVSS6.9AI score0.00497EPSS
Exploits1References2
OSV
OSV
added 2021/07/22 10:15 p.m.3 views

AZL-6480 CVE-2021-32786 affecting package httpd for versions less than 2.4.52-1

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers...

6.1CVSS6.4AI score0.02364EPSS
Exploits1References1
Rows per page
Query Builder