426 matches found
golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
yggdrasil security update
An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list yggdrasil is a system daemon that subscribes to topics on an MQTT broker a...
RLSA-2026:38995 Important: go-toolset:rhel8 security, bug fix, and enhancement update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 crypto/x509: golang: golang crypto/x509: Deni...
golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
Important: Red Hat Security Advisory: yggdrasil security update
An update for yggdrasil is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
CVE-2026-46644
Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...
CVE-2026-46644 symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...
golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
RLSA-2026:37436 Important: golang security, bug fix, and enhancement update
The golang packages provide the Go programming language compiler. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...
golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
SUSE-SU-2026:2830-1 Security update for warewulf4
This update for warewulf4 fixes the following issues: Update to v4.7.0. Security issues fixed: - CVE-2025-69725: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258511. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when giv...
SUSE-SU-2026:2824-1 Security update for alloy
This update for alloy fixes the following issues - CVE-2026-10722: github.com/cilium/ebpf: BTF string offset boundary check can lead to crash when parsing malformed ELF/BTF input bsc1267811. - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html:...
OESA-2026-2946 rpm-ostree security update
rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...
OESA-2026-2945 rpm-ostree security update
rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...
OESA-2026-2944 rpm-ostree security update
rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...
ALSA-2026:37436 Important: golang security, bug fix, and enhancement update
The golang packages provide the Go programming language compiler. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...
Important: golang security, bug fix, and enhancement update
The golang packages provide the Go programming language compiler. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...