Lucene search
+L

1119 matches found

osv
osv
added 2026/07/07 4:59 p.m.2 views

SUSE-SU-2026:22572-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go1.26.4 bsc1255111. Security issues fixed: - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. -...

9.8CVSS7AI score0.00939EPSS
Exploits0References53
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Golang-1.15

In Go versions before 1.15.13 and 1.16.x, as well as before 1.16.5, certain configurations of ReverseProxy from net/http/httputil lead to a situation where an attacker can drop arbitrary headers...

5.3CVSS6.5AI score0.02279EPSS
Exploits1References2
nessus
nessus
added 2026/05/14 12:0 a.m.8 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021307 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

9.1CVSS6.6AI score0.00778EPSS
Exploits0References4
mscve
mscve
added 2026/05/10 8:2 a.m.11 views

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

...

7.5CVSS5.8AI score0.00781EPSS
Exploits0
cvelist
cvelist
added 2026/05/07 7:41 p.m.74 views

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

0.00781EPSS
Exploits0References5
osv
osv
added 2026/05/07 7:21 p.m.44 views

GO-2026-4918 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References4
nessus
nessus
added 2026/05/04 12:0 a.m.12 views

RHCOS 4 : OpenShift Container Platform 4.15.55 (RHSA-2025:11352)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:11352 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

9.1CVSS7AI score0.00778EPSS
Exploits0References5
nessus
nessus
added 2026/05/04 12:0 a.m.8 views

RHCOS 4 : OpenShift Container Platform 4.12.78 (RHSA-2025:10271)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10271 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

9.1CVSS6.8AI score0.00778EPSS
Exploits0References5
nessus
nessus
added 2026/05/04 12:0 a.m.5 views

RHCOS 4 : OpenShift Container Platform 4.17.35 (RHSA-2025:10295)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10295 advisory. - podman: podman missing TLS verification CVE-2025-6032 - net/http: Request smuggling due to acceptance of invalid chunked data in...

9.1CVSS6.8AI score0.00778EPSS
Exploits0References6
nessus
nessus
added 2026/05/04 12:0 a.m.14 views

RHCOS 4 : OpenShift Container Platform 4.16.45 (RHSA-2025:11682)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:11682 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

9.1CVSS7.2AI score0.00778EPSS
Exploits0References5
redhat
redhat
added 2026/04/10 2:24 p.m.2 views

net/http: CrossOriginProtection bypass in net/http

A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path,...

5.4CVSS6AI score0.00308EPSS
Exploits0References8
nessus
nessus
added 2026/04/10 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007098 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

9.1CVSS7AI score0.00778EPSS
Exploits0References4
redhat
redhat
added 2026/04/09 11:0 a.m.2 views

golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

A flaw was found in golang.org/net/http. A remote attacker could exploit this vulnerability by sending a large number of small cookies to an HTTP server. Despite a default 1MB limit on HTTP headers, the number of cookies parsed is unrestricted, leading to excessive memory allocation. This can cau...

5.3CVSS6.1AI score0.00534EPSS
Exploits0References8
amazon
amazon
added 2026/03/27 12:0 a.m.10 views

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS7.1AI score0.00765EPSS
Exploits2
ibm
ibm
added 2026/02/24 6:11 a.m.8 views

Security Bulletin: IBM Maximo Application Suite uses net/http 1.23.4,1.24.2,1.24.3,crypto/x509 1.24.2,1.24.3 which is vulnerable to CVE-2025-4673, CVE-2025-22874.

Summary IBM Maximo Application Suite uses net/http 1.23.4,1.24.2,1.24.3, crypto/x509 1.24.2,1.24.3 which is vulnerable to CVE-2025-4673,CVE-2025-22874. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4673 DESCRIPTION:...

7.5CVSS5.4AI score0.0056EPSS
Exploits0Affected Software1
amazon
amazon
added 2026/02/19 12:0 a.m.16 views

Medium: containerd

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS6AI score0.00765EPSS
Exploits2
rosalinux
rosalinux
added 2026/02/16 7:14 a.m.65 views

Advisory ROSA-SA-2026-3146

Software: grafana 9.2.10 OS: ROSA Virtualization 3.1 unaffected versions = grafana-9.2.10-27.rv31 affected versions grafana-9.2.10-27.rv31 CVE-ID: CVE-2025-22871 BDU-ID: 2025-04014 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the net/http package of the Go programming language is related to...

10CVSS8.2AI score0.99999EPSS
Exploits29
mageia
mageia
added 2026/02/11 5:56 p.m.17 views

Updated golang packages fix security vulnerabilities

net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...

10CVSS6.5AI score0.00765EPSS
Exploits2References7
nessus
nessus
added 2026/02/05 12:0 a.m.7 views

Amazon Linux 2023 : golist (ALAS2023-2026-1382)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1382 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS7.2AI score0.00765EPSS
Exploits2References10
nessus
nessus
added 2026/02/05 12:0 a.m.7 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1401)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1401 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS7.8AI score0.00765EPSS
Exploits2References10
Rows per page
Query Builder