7 matches found
Astra Linux – Vulnerability in Golang 1.19, Golang 1.23
Proxy-Authorization and Proxy-Authenticate headers remain after cross-origin redirections, potentially exposing sensitive information...
Astra Linux - Vulnerability in Golang-1.23
The net/url package does not limit the number of query parameters in a query. Although the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing man...
Astra Linux – Vulnerability in Golang 1.19, Golang 1.23
Archive/Zip uses a super-linear file name indexing algorithm that is invoked the first time a file within an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
Linux Distros Unpatched Vulnerability : CVE-2025-58187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non- linearly with respect to the size of the certificate...
Linux Distros Unpatched Vulnerability : CVE-2025-58185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. CVE-2025-58185 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2025-58183
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a...
Linux Distros Unpatched Vulnerability : CVE-2025-58189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...