Lucene search
K

42 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:59 p.m.7 views

Security Bulletin: This Power System update is being released to address CVE-2025-52497

Summary When Linux Secure Boot is enabled, a malformed public key certificate in the grubdb or grubdbx can cause a DoS blocking Linux partition boot or make a limited amount of partition memory available. Vulnerability Details CVEID:CVE-2025-52497 DESCRIPTION: Mbed TLS before 3.6.4 has a PEM...

4.8CVSS6AI score0.00277EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/05 3:7 p.m.25 views

flagd: Multiple Go Runtime CVEs Impact Security and Availability

Summary In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd the evaluation engine for OpenFeature. These CVEs primarily focus on Denial of Service DoS through resource exhaustion and Race Conditions in database handling. | CVE ID ...

7.5CVSS6.9AI score0.00626EPSS
Exploits2References4Affected Software3
Tenable Nessus
Tenable Nessus
added 2025/12/15 12:0 a.m.6 views

openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...

7.5CVSS7.8AI score0.00626EPSS
Exploits2References45
OSV
OSV
added 2025/12/12 12:20 p.m.6 views

OESA-2025-2828 golang security update

. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...

7.5CVSS6.9AI score0.00626EPSS
Exploits0References5
OSV
OSV
added 2025/12/12 7:45 a.m.7 views

OPENSUSE-SU-2025:20158-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...

7.5CVSS5.8AI score0.00626EPSS
Exploits2References29
OSV
OSV
added 2025/11/28 12:51 p.m.5 views

OESA-2025-2750 golang security update

. Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.CVE-2025-58187 The processing time for parsing some...

7.5CVSS6.9AI score0.00626EPSS
Exploits0References3
OSV
OSV
added 2025/11/28 12:51 p.m.5 views

OESA-2025-2749 golang security update

. Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.CVE-2025-58187 The processing time for parsing some...

7.5CVSS6.9AI score0.00626EPSS
Exploits0References3
OSV
OSV
added 2025/11/28 12:0 p.m.23 views

RUSTSEC-2025-0134 rustls-pemfile is unmaintained

The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...

7.1AI score
Exploits0References3
OSV
OSV
added 2025/11/21 3:59 p.m.5 views

JLSEC-2025-229 Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_bu...

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtlspemreadbuffer and two mbedtlspkparse functions, via untrusted PEM input...

4.8CVSS7.1AI score0.00277EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.4 views

Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2025-1279)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1279 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References22
Amazon
Amazon
added 2025/11/10 12:0 a.m.7 views

Important: rclone

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.20 views

Important: libcap

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.9AI score0.00626EPSS
Exploits0
Mageia
Mageia
added 2025/11/04 4:13 p.m.17 views

Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

7.5CVSS6.8AI score0.00626EPSS
Exploits0References2
OSV
OSV
added 2025/11/04 4:13 p.m.9 views

MGASA-2025-0256 Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

7.5CVSS6.6AI score0.00626EPSS
Exploits0References3
OSV
OSV
added 2025/10/29 11:16 p.m.4 views

CVE-2025-61723

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

7.5CVSS5.9AI score
Exploits0References5
NVD
NVD
added 2025/10/29 11:16 p.m.7 views

CVE-2025-61723

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

7.5CVSS0.00626EPSS
Exploits0References5
Redos
Redos
added 2025/10/29 12:0 a.m.13 views

ROS-20251029-07

The vulnerability in the Golang programming language is related to the implementation of a function where a string is accumulated via repeated concatenation without effectively managing memory or time complexity. Exploitation of the vulnerability could allow an attacker to cause a denial of servi...

7.5CVSS7.1AI score0.00626EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/10/20 1:12 p.m.5 views

Security update for go1.24

This update for go1.24 fixes the following issues: go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509,...

8.8CVSS6.3AI score0.00626EPSS
Exploits0References42
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20082

Malicious code in bioql PyPI...

4.8CVSS6.3AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/06 12:10 a.m.5 views

CVE-2025-52497

A flaw was found in mbedtls. The mbedtlspemreadbuffer and two mbedtlspkparse functions exhibit a one-byte heap-based buffer underflow when parsing untrusted PEM input. This flaw allows a network-based attacker to trigger the underflow by providing a maliciously crafted PEM file, resulting in a...

4.8CVSS6.4AI score0.00277EPSS
Exploits0References2
Rows per page
Query Builder