Lucene search
K

77 matches found

RedHat Linux
RedHat Linux
added 2 days ago4 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2 days ago3 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 4 days ago9 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 11:39 a.m.4 views

ROOT-APP-GOBINARY-CVE-2026-27136 CVE-2026-27136 in rootio-golang.org/x/net - Patched by Root

Root has patched CVE-2026-27136 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
OSV
OSV
added 2026/07/02 11:39 a.m.3 views

ROOT-APP-GOBINARY-CVE-2026-33814 CVE-2026-33814 in rootio-golang.org/x/net - Patched by Root

Root has patched CVE-2026-33814 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...

7.5CVSS7.3AI score0.00781EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.5 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.11 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS7.6AI score0.00939EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.6 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 12:0 a.m.3 views

ALSA-2026:34359 Important: opentelemetry-collector security update

Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus: Prometheus: Information...

9.6CVSS7.5AI score0.00939EPSS
Exploits0References14
OSV
OSV
added 2026/06/30 7:5 a.m.8 views

ROOT-APP-GOBINARY-CVE-2025-22872 CVE-2025-22872 in rootio-golang.org/x/net - Patched by Root

Root has patched CVE-2025-22872 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...

6.5CVSS7.1AI score0.00478EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/29 10:19 a.m.17 views

CVE-2026-33811

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.91 views

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

0.00588EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/13 10:11 p.m.6 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.8CVSS5.8AI score0.00566EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 8:47 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go‎. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...

5.1CVSS5.8AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/25 7:11 p.m.3 views

Use After Free

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.3CVSS5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.9 views

Photon OS 4.0: Net PHSA-2026-4.0-0946

An update of the net package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0946. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid29724...

9.8CVSS5.8AI score0.4269EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/06 12:0 a.m.5 views

Photon OS 5.0: Net PHSA-2026-5.0-0726

An update of the net package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0726. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid28184...

9.8CVSS6.9AI score0.4269EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 2:25 p.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0, golang.org/x/net-v0.33.0, golang.org/x/net-v0.34.0 which is vulnerable to this CVE-2025-22870

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0, golang.org/x/net-v0.33.0, golang.org/x/net-v0.34.0 which is vulnerable to this CVE-2025-22870 Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against prox...

4.4CVSS7.5AI score0.00384EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-37879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 9p/net: fix improper handling of bogus negative read/write replies In p9clientwrite and p9clientreadonce, if the server incorrectly replies with success but a...

7.1CVSS6.8AI score0.0024EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/06/23 2:48 a.m.10 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References8
Rows per page
Query Builder