Lucene search
K

10 matches found

Amazon
Amazon
added 2026/07/08 12:0 a.m.5 views

Important: ecs-init

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

9.6CVSS7AI score0.00939EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/06 3:49 a.m.3 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/06 3:11 a.m.12 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 6:0 a.m.4 views

RLSA-2026:30853 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycod...

8.2CVSS7.4AI score0.00478EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 8:17 a.m.4 views

OPENSUSE-SU-2026:21069-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.01557EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1884)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1884 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

9.6CVSS6.9AI score0.00939EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.26 views

Linux Distros Unpatched Vulnerability : CVE-2026-39821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII- only label. For example, ToUnicodexn--example-.com...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2024/12/09 12:0 p.m.22 views

RUSTSEC-2024-0421 `idna` accepts Punycode labels that do not produce any non-ASCII when decoded

idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...

8.8CVSS6.1AI score0.00201EPSS
Exploits1References3
OSV
OSV
added 2023/05/26 9:15 p.m.2 views

DEBIAN-CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

5.9CVSS6.3AI score0.0181EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2018/02/06 12:0 a.m.22 views

Debian: Security Advisory (DLA-1084-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.03965EPSS
Exploits0References2
Rows per page
Query Builder