168934 matches found
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
DEBIAN-CVE-2026-55204
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...
DEBIAN-CVE-2026-55203
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...
DEBIAN-CVE-2026-48617
A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...
UBUNTU-CVE-2026-48617
A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...
CVE-2026-48990
A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption JOSE. This vulnerability allows a remote attacker to cause resource exhaustion, leading to a Denial of Service DoS, by sending oversized JSON Web Signature JWS payloads. The library fails to apply size limits,...
CGA-WP6R-W66H-9WHH
Bulletin has no description...
CGA-6G7X-P94G-QX5J
Bulletin has no description...
DEBIAN-CVE-2026-11791
A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
UBUNTU-CVE-2026-11791
A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...
UBUNTU-CVE-2026-44691
In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...
UBUNTU-CVE-2026-44688
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...
ROOT-APP-GOBINARY-GHSA-FW8G-CG8F-9J28 GHSA-fw8g-cg8f-9j28 in rootio-github.com/prometheus/prometheus - Patched by Root
Root has patched GHSA-fw8g-cg8f-9j28 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-41176 CVE-2026-41176 in rootio-github.com/rclone/rclone - Patched by Root
Root has patched CVE-2026-41176 in the rootio-github.com/rclone/rclone package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-33186 CVE-2026-33186 in rootio-google.golang.org/grpc - Patched by Root
Root has patched CVE-2026-33186 in the rootio-google.golang.org/grpc package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-22870 CVE-2025-22870 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2025-22870 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-22872 CVE-2025-22872 in rootio-golang.org/x/net - Patched by Root
Root has patched CVE-2025-22872 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-29181 CVE-2026-29181 in rootio-go.opentelemetry.io/otel - Patched by Root
Root has patched CVE-2026-29181 in the rootio-go.opentelemetry.io/otel package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2025-47914 CVE-2025-47914 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2025-47914 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...