42 matches found
Security Bulletin: This Power System update is being released to address CVE-2025-52497
Summary When Linux Secure Boot is enabled, a malformed public key certificate in the grubdb or grubdbx can cause a DoS blocking Linux partition boot or make a limited amount of partition memory available. Vulnerability Details CVEID:CVE-2025-52497 DESCRIPTION: Mbed TLS before 3.6.4 has a PEM...
flagd: Multiple Go Runtime CVEs Impact Security and Availability
Summary In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd the evaluation engine for OpenFeature. These CVEs primarily focus on Denial of Service DoS through resource exhaustion and Race Conditions in database handling. | CVE ID ...
openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...
OESA-2025-2828 golang security update
. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...
OPENSUSE-SU-2025:20158-1 Security update for go1.24
This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...
OESA-2025-2750 golang security update
. Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.CVE-2025-58187 The processing time for parsing some...
OESA-2025-2749 golang security update
. Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.CVE-2025-58187 The processing time for parsing some...
RUSTSEC-2025-0134 rustls-pemfile is unmaintained
The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...
JLSEC-2025-229 Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_bu...
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtlspemreadbuffer and two mbedtlspkparse functions, via untrusted PEM input...
Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2025-1279)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1279 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
Important: rclone
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: libcap
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Updated golang packages fix security vulnerabilities
Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...
MGASA-2025-0256 Updated golang packages fix security vulnerabilities
Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...
CVE-2025-61723
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...
CVE-2025-61723
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...
ROS-20251029-07
The vulnerability in the Golang programming language is related to the implementation of a function where a string is accumulated via repeated concatenation without effectively managing memory or time complexity. Exploitation of the vulnerability could allow an attacker to cause a denial of servi...
Security update for go1.24
This update for go1.24 fixes the following issues: go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509,...
EUVD-2025-20082
Malicious code in bioql PyPI...
CVE-2025-52497
A flaw was found in mbedtls. The mbedtlspemreadbuffer and two mbedtlspkparse functions exhibit a one-byte heap-based buffer underflow when parsing untrusted PEM input. This flaw allows a network-based attacker to trigger the underflow by providing a maliciously crafted PEM file, resulting in a...