UBUNTU-CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

JLSEC-2026-250 Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary...

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

CLSA-2026-1776427525 golang: Fix of 3 CVEs

CVE-2025-61723: fix non-linear processing time when parsing invalid PEM inputs that could lead to denial of service - CVE-2025-58187: fix quadratic complexity when checking name constraints in crypto/x509 certificate validation - CVE-2025-58188: fix panic when validating certificates with DSA...

OPENSUSE-SU-2025:20158-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2025-078 (ALASECS-2025-078)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-078 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2025-1271)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1271 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1270)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1270 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

Important: rclone

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: runfinch-finch

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: runfinch-finch

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: amazon-ecr-credential-helper

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

EUVD-2025-36732

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

AZL-78915 CVE-2025-58188 affecting package golang 1.25.7-1

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

AZL-69275 CVE-2025-58188 affecting package golang 1.26.0-1

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

CVE-2025-58188

CVE-2025-58188 (panic on validating certificate chains with DSA keys) is confirmed in an F5 advisory tied to BIG-IP Next for Kubernetes. Affected component set includes TMM, f5-dwbld, and f5-downloader; the root cause is a cast assuming an Equal method when validating certificate chains containin...

EUVD-2009-0034

Malware in sbrugna...

EUVD-2021-8691

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-1000343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key...