280 matches found
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the crypto/tls component. Sending multiple key update messages after a handshake in ...
PT-2026-31061
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description An issue exists in the way certificate chains are processed, specifically during chain building. The amount of work performed isn't properly limited when a large number of intermediate certificates are provide...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
SUSE-SU-2026:0947-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2026-338:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-338:01 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...
container-tools:rhel8 security update
An update is available for module.skopeo, aardvark-dns, crun, module.udica, module.cockpit-podman, module.criu, conmon, runc, containernetworking-plugins, python-podman, toolbox, module.oci-seccomp-bpf-hook, module.containers-common, podman, module.aardvark-dns, module.libslirp, fuse-overlayfs,...
Important: Red Hat Security Advisory: container-tools:rhel8 security update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
MiracleLinux 8 : osbuild-composer-101.4-4.el8_10.ML.1 (AXSA:2026-304:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-304:05 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...
AlmaLinux 8 : git-lfs (ALSA-2026:3985)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:3985 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
MiracleLinux 9 : delve-1.25.2-2.el9_7 (AXSA:2026-275:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-275:01 advisory. crypto/tls: Unexpected session resumption in crypto/tls CVE-2025-68121 Tenable has extracted the preceding description block directly from the MiracleLinux...
SUSE SLES15 Security Update : go1 (SUSE-SU-2026:0687-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0687-1 advisory. Update to version 1.24.13 jscSLE-18320, bsc1236217. Security issues fixed: - CVE-2025-61732: cmd/cgo: discrepancy between Go and...
RockyLinux 9 : buildah (RLSA-2026:3298)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3298 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service (CVE-2025-61726, CVE-2025-61728) and loss of confidentiality (CVE-2025-61730)
Summary IBM App Connect Enterprise Certified Container operator, and DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service CVE-2025-61726, CVE-2025-61728 and loss of confidentiality CVE-2025-61730. This bulletin provides patch information to...
RLSA-2026:3297 Important: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
podman security update
An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...
grafana-pcp security update
An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...
RockyLinux 9 : grafana-pcp (RLSA-2026:3040)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3040 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...