CVE-2026-32303 Cryptomator: Tampered vault configuration allows MITM attack on Hub API

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...

AZL-49976 CVE-2024-8508 affecting package unbound for versions less than 1.19.1-3

NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression ...

AZL-47771 CVE-2024-43167 affecting package unbound for versions less than 1.19.1-4

DISPUTE NOTE: this issue does not pose a security risk as it according to analysis by the original software developer, NLnet Labs falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet...

SpiceDB 安全漏洞

SpiceDB is a fine-grained permissions database inspired by Google Zanzibar. A security vulnerability exists in SpiceDB versions prior to 1.19.1. An attacker exploited the vulnerability to obtain sensitive data...

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

...

AZL-79106 CVE-2022-27664 affecting package golang 1.25.7-1

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...