1648 matches found
CVE-2026-59954 Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a...
CVE-2026-59954
CVE-2026-59954 affects Apollo ConfigService. Before version 2.5.2, when AccessKey or management key authentication is enabled, the service may authorize access to configuration data via non-canonical appId variants that downstream handling resolves to the protected app (including accent-variant a...
RLSA-2026:39266 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
JLSEC-2026-695 The X25519 x86_64 assembly implementation fails to clear the most significant bit during the...
The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
Hitachi Pentaho Business Analytics Server - Bypass Authorization
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. id: CVE-2022-43939 info: name: Hitachi Pentaho Business Analytics Server - Bypass Authorization author: daffainf...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
PT-2026-60109
Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...
EulerOS 2.0 SP12 : kata-containers (EulerOS-SA-2026-2594)
"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...
EulerOS 2.0 SP12 : kata-containers (EulerOS-SA-2026-2534)
"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
CVE-2026-59510
The CVE concerns AIL Framework’s PDF object handling. The vulnerable code in PDF.get_filepath() joined the configured PDF storage directory with a path derived from a PDF object identifier without ensuring the final path stayed inside the PDF_FOLDER. Authenticated attackers could supply crafted i...
CVE-2026-27779
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...
CVE-2026-27779
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...
EUVD-2026-41637
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...
PT-2026-55604
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software accepts malformed or injected forwarded-proto values during the detection of public URLs. This flaw allows for the generation of spoofed canonical URLs. Recommendations Update Gitea to...