Lucene search
K

281 matches found

RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-42505

A flaw was found in the crypto/tls package in Go. Handshakes utilizing Encrypted Client Hello ECH could lead to de-anonymization by a passive network observer. This is due to the disclosure of pre-shared key identities within the unencrypted client hello, allowing an attacker to potentially link...

5.3CVSS5.8AI score0.00419EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 12:15 p.m.5 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 8:27 p.m.4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/24 7:30 p.m.4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/06/11 12:5 p.m.24 views

RLSA-2026:24470 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.12 views

RockyLinux 9 : osbuild-composer (RLSA-2026:22714)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22714 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

10CVSS5.6AI score0.01945EPSS
Exploits3References21
RedHat Linux
RedHat Linux
added 2026/06/09 11:18 a.m.10 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.1AI score0.00615EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.12 views

RockyLinux 10 : git-lfs (RLSA-2026:19133)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19133 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the roo...

7.5CVSS7.6AI score0.00728EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/05/26 5:43 a.m.19 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.14 views

Alibaba Cloud Linux 3 : 0121: grafana (ALINUX3-SA-2026:0121)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0121 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-32280: A flaw was found in the Go...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2026/05/21 4:30 p.m.23 views

java-25-openjdk security update

An update is available for java-25-openjdk. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime...

8.2CVSS6.8AI score0.01052EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/05/20 5:1 p.m.14 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.2AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/14 7:28 p.m.12 views

Moderate: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS6.9AI score0.00765EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.15 views

RHEL 10 : osbuild-composer (RHSA-2026:17686)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17686 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

10CVSS6.9AI score0.00765EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/13 3:12 p.m.22 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.18 views

RHEL 10 : yggdrasil (RHSA-2026:17075)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17075 advisory. yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate chil...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:12 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls (CVE-2025-61730)

Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls, where encryption levels fail to change after multiple messages during TLS 1.3 handshakes CVE-2025-61730. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy h...

5.3CVSS6.6AI score0.00276EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/13 5:43 a.m.4 views

BIT-GOLANG-2026-32280 Unexpected work during chain building in crypto/x509

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References134
SUSE CVE
SUSE CVE
added 2026/04/08 11:25 p.m.7 views

SUSE CVE-2026-32280

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References33
Cvelist
Cvelist
added 2026/04/08 1:6 a.m.33 views

CVE-2026-32280 Unexpected work during chain building in crypto/x509

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...

0.00615EPSS
Exploits0References4
Rows per page
Query Builder