Lucene search
+L

2099 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS6.3AI score0.0044EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday5 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2 days ago5 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago4 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 3 days ago4 views

RLSA-2026:38493 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
Rockylinux
Rockylinux
added 3 days ago6 views

podman security update

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
RedHat Linux
RedHat Linux
added 4 days ago8 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6.9AI score0.00939EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 4 days ago6 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6.1AI score0.00939EPSS
Exploits0References8
CVE
CVE
added 4 days ago8 views

CVE-2026-15542

This CVE affects will-moss Isaiah up to version 1.36.9, specifically the Websocket Connection Authentication component (file app/main.go). The underlying issue is in an unknown function that leads to improper authentication, with the attack described as remote. A fix is not yet merged; the pull r...

7.5CVSS6.5AI score0.00403EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
Rockylinux
Rockylinux
added 4 days ago5 views

golang security, bug fix, and enhancement update

An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

9.6CVSS6.4AI score0.00478EPSS
Exploits0
OSV
OSV
added 4 days ago2 views

ALSA-2026:38494 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References4
EUVD
EUVD
added last week7 views

EUVD-2026-42937

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score0.00524EPSS
Exploits1References4
OSV
OSV
added last week1 views

OPENSUSE-SU-2026:21281-1 Security update for cosign

This update for cosign fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: multiple issues when parsing HTML files bsc1267044. - CVE-2026-33815: memory-safety vulnerability bsc1261811. -...

10CVSS6.5AI score0.00605EPSS
Exploits0References22
Redos
Redos
added 2026/07/10 12:0 a.m.6 views

ROS-20260710-73-0004

The vulnerability of the url.Parse function in the host/authority component of the Go programming language is related to improper syntax validation of input. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

7.5CVSS6.3AI score0.00728EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.10 views

EulerOS 2.0 SP12 : kata-containers (EulerOS-SA-2026-2534)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/07/09 6:56 p.m.6 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
Microsoft Secure
Microsoft Secure
added 2026/07/09 3:0 p.m.19 views

GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware

In this article 1. A wiper inside a backdoor 2. Backdoor capabilities 3. How GigaWiper was assembled 4. Conclusion: Multiple destructive capabilities consolidated into a single implant 5. Defending against destructive threats 6. Microsoft Defender detections 7. Indicators of compromise In October...

6.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/09 12:10 p.m.7 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Tech Preview Release Of the Go based Model Transparency CLI

The Tech Preview release of the Go based RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The Go based RHTAS Model Transparency CLI image can be used to sign and verify AI/M...

9.1CVSS6.8AI score0.00533EPSS
Exploits0References5
Rows per page
Query Builder