10 matches found

OSV
added 2026/05/25 9:38 a.m. · 14 views

CLSA-2026-1779701895 podman: Fix of 3 CVEs

Rebuild with golang = 1.25.7-1.el96.tuxcare.els5 to fix Go standard library CVEs: - CVE-2026-32280: cap intermediate certificates in crypto/x509 chain building to mitigate denial-of-service via excessive chain construction work - CVE-2026-32283: prevent crypto/tls deadlock when a TLS 1.3 peer...

CVSS 7.5 · AI score 6.9 · EPSS 0.00651
Exploits 0 · References 1

Tenable Nessus
added 2026/04/22 12:00 a.m. · 10 views

openSUSE 16 Security Update : go1.26 (openSUSE-SU-2026:20571-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20571-1 advisory. - Update to version go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143:...

CVSS 9.8 · AI score 5.9 · EPSS 0.00658
Exploits 0 · References 31

OSV
added 2026/04/20 2:02 p.m. · 8 views

OPENSUSE-SU-2026:20570-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to version go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

CVSS 9.8 · AI score 5.8 · EPSS 0.00658
Exploits 0 · References 19

OSV
added 2026/04/20 1:54 p.m. · 9 views

SUSE-SU-2026:21355-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to version go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

CVSS 9.8 · AI score 5.7 · EPSS 0.00658
Exploits 0 · References 20

SUSE Linux
added 2026/04/14 12:40 p.m. · 6 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.9 bsc1244485. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile: no-op...

CVSS 7.5 · AI score 5.9 · EPSS 0.00658
Exploits 0 · References 38

OSV
added 2026/04/14 12:40 p.m. · 8 views

SUSE-SU-2026:1321-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144: cmd/compile:...

CVSS 9.8 · AI score 5.8 · EPSS 0.00658
Exploits 0 · References 20

Vulnrichment
added 2026/04/10 3:07 a.m. · 3 views

CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVSS 8.6 · AI score 5.9 · EPSS 0.00184
Exploits 0 · References 1

Snyk
added 2022/05/24 5:43 p.m. · 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when creating HTTPS web requests while building X509 certificate chains. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

CVSS 6.5 · AI score 8 · EPSS 0.0334
Exploits 0 · References 2

Positive Technologies
added 2021/02/09 12:00 a.m. · 5 views

PT-2021-2046 · Microsoft +3 · Net Core +4

Name of the Vulnerable Software and Affected Versions: .NET Core and Visual Studio affected versions not specified Description: The issue is related to insufficient input validation, which can be exploited by a remote attacker to cause a denial of service. This vulnerability exists when creating...

CVSS 9.8 · AI score 7.6 · EPSS 0.0334
Exploits 0 · References 30

OSV
added 2017/08/30 8:29 p.m. · 3 views

UBUNTU-CVE-2017-14032

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL...

CVSS 8.1 · AI score 5.8 · EPSS 0.01492
Exploits 0 · References 6