Lucene search
+L

426 matches found

redhat
redhat
added yesterday5 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
redhat
redhat
added 2 days ago6 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
rocky
rocky
added 2 days ago5 views

yggdrasil security update

An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list yggdrasil is a system daemon that subscribes to topics on an MQTT broker a...

9.6CVSS6.5AI score0.00939EPSS
Exploits0
osv
osv
added 2 days ago4 views

RLSA-2026:38995 Important: go-toolset:rhel8 security, bug fix, and enhancement update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 crypto/x509: golang: golang crypto/x509: Deni...

8.2CVSS6.5AI score0.00939EPSS
Exploits0References4
redhat
redhat
added 2 days ago5 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
redhat
redhat
added 2 days ago4 views

Important: Red Hat Security Advisory: yggdrasil security update

An update for yggdrasil is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.6CVSS6.8AI score0.00939EPSS
Exploits0References4
nvd
nvd
added 3 days ago3 views

CVE-2026-46644

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS0.00394EPSS
Exploits0References3
cvelist
cvelist
added 3 days ago30 views

CVE-2026-46644 symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS0.00394EPSS
Exploits0References3
redhat
redhat
added 4 days ago7 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
redhat
redhat
added 4 days ago5 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
osv
osv
added 4 days ago2 views

RLSA-2026:37436 Important: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...

8.2CVSS6.5AI score0.00478EPSS
Exploits0References3
redhat
redhat
added 2026/07/09 8:7 p.m.5 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
redhat
redhat
added 2026/07/09 7:54 p.m.5 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
osv
osv
added 2026/07/09 6:42 p.m.2 views

SUSE-SU-2026:2830-1 Security update for warewulf4

This update for warewulf4 fixes the following issues: Update to v4.7.0. Security issues fixed: - CVE-2025-69725: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258511. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when giv...

9.6CVSS6.5AI score0.00781EPSS
Exploits0References11
osv
osv
added 2026/07/09 6:18 p.m.1 views

SUSE-SU-2026:2824-1 Security update for alloy

This update for alloy fixes the following issues - CVE-2026-10722: github.com/cilium/ebpf: BTF string offset boundary check can lead to crash when parsing malformed ELF/BTF input bsc1267811. - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html:...

10CVSS6.8AI score0.00533EPSS
Exploits6References39
osv
osv
added 2026/07/09 12:53 p.m.2 views

OESA-2026-2946 rpm-ostree security update

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...

8.8CVSS6.3AI score0.00486EPSS
Exploits1References3
osv
osv
added 2026/07/09 12:53 p.m.3 views

OESA-2026-2945 rpm-ostree security update

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...

8.8CVSS6AI score0.00486EPSS
Exploits1References3
osv
osv
added 2026/07/09 12:53 p.m.3 views

OESA-2026-2944 rpm-ostree security update

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...

9.1CVSS6.3AI score0.00486EPSS
Exploits2References4
osv
osv
added 2026/07/09 12:0 a.m.4 views

ALSA-2026:37436 Important: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...

9.6CVSS6.3AI score0.00478EPSS
Exploits0References5
almalinux
almalinux
added 2026/07/09 12:0 a.m.8 views

Important: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References5
Rows per page
Query Builder