16 matches found
Astra Linux – Vulnerability in Golang 1.19, Golang 1.23
Archive/Zip uses a super-linear file name indexing algorithm that is invoked the first time a file within an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
Astra Linux – Vulnerability in Golang-1.19
Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...
Astra Linux – Vulnerability in Golang-1.19
If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...
Astra Linux – Vulnerability in Golang-1.19
The “//line” directive can be used to bypass the restrictions on the “//go:cgo” directives, allowing for the passing of blocked linker and compiler flags during compilation. This can lead to the execution of arbitrary code when running “go build”. The “//line” directive requires the absolute path...
Astra Linux – Vulnerability in Golang-1.19
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates that contain multiple actions separated by a '/' character may cause the CSS context to close unexpectedly, allowing for the injection of unexpected HTML, if executed with untrusted input...
Astra Linux - Vulnerability in Golang-1.19
When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as “Authorization” or “Cookie”. For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but ...
Astra Linux – Vulnerability in Golang 1.19, Golang 1.23
Proxy-Authorization and Proxy-Authenticate headers remain after cross-origin redirections, potentially exposing sensitive information...
Astra Linux – Vulnerability in Golang-1.19
Large handshake records can cause panics in the crypto/TLS context. Both clients and servers may send large TLS handshake records, which can cause both servers and clients to panic when attempting to construct responses. This issue affects all TLS 1.3 clients, TLS 1.2 clients that explicitly enab...
Linux Distros Unpatched Vulnerability : CVE-2025-68119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from...
Linux Distros Unpatched Vulnerability : CVE-2025-61730
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensio...
Linux Distros Unpatched Vulnerability : CVE-2025-61728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2025-58189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
Linux Distros Unpatched Vulnerability : CVE-2025-58187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non- linearly with respect to the size of the certificate...
Linux Distros Unpatched Vulnerability : CVE-2025-58185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. CVE-2025-58185 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2025-58183
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a...
Ubuntu: Security Advisory (USN-6140-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...