Lucene search
K

16 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

Archive/Zip uses a super-linear file name indexing algorithm that is invoked the first time a file within an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

6.5CVSS6.8AI score0.00643EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Golang-1.19

Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

7.5CVSS6.9AI score0.01127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19

If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

5.4CVSS6.7AI score0.00795EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Golang-1.19

The “//line” directive can be used to bypass the restrictions on the “//go:cgo” directives, allowing for the passing of blocked linker and compiler flags during compilation. This can lead to the execution of arbitrary code when running “go build”. The “//line” directive requires the absolute path...

8.1CVSS7.1AI score0.01762EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang-1.19

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates that contain multiple actions separated by a '/' character may cause the CSS context to close unexpectedly, allowing for the injection of unexpected HTML, if executed with untrusted input...

7.3CVSS6.7AI score0.01037EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux - Vulnerability in Golang-1.19

When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as “Authorization” or “Cookie”. For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but ...

4.3CVSS6.3AI score0.0108EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

Proxy-Authorization and Proxy-Authenticate headers remain after cross-origin redirections, potentially exposing sensitive information...

6.8CVSS6.6AI score0.0056EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Golang-1.19

Large handshake records can cause panics in the crypto/TLS context. Both clients and servers may send large TLS handshake records, which can cause both servers and clients to panic when attempting to construct responses. This issue affects all TLS 1.3 clients, TLS 1.2 clients that explicitly enab...

7.5CVSS6.8AI score0.01111EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-68119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from...

7CVSS8.4AI score0.00335EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-61730

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensio...

5.3CVSS7.7AI score0.00276EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-61728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service...

6.5CVSS6.9AI score0.00643EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-58189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.7AI score0.00443EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-58187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non- linearly with respect to the size of the certificate...

7.5CVSS7.3AI score0.00384EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2025-58185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. CVE-2025-58185 Note that Nessus relies on the...

5.3CVSS6.7AI score0.00526EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-58183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a...

4.3CVSS6.7AI score0.00419EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/06/07 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-6140-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.02281EPSS
Exploits0References2
Rows per page
Query Builder