Lucene search
K

9 matches found

OSV
OSV
added 2026/05/19 9:20 a.m.10 views

CLSA-2026-1779182426 buildah: Fix of CVE-2026-32283

rebuild on tuxcare9.6esu with newer golang version 1.25.7-1.el96.tuxcare.els4 - CVE-2026-32283: fix TLS 1.3 deadlock in crypto/tls handleKeyUpdate...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 6:15 p.m.13 views

CLSA-2026-1776968105 skopeo: Fix of CVE-2026-25679

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els2 to fix the following CVE - CVE-2026-25679: fix insufficient validation of host/authority in net/url.Parse by rejecting invalid URLs with IPv6 literals not at the start of the host...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 5:54 p.m.16 views

CLSA-2026-1776966842 go-rpm-macros: Fix of CVE-2026-25679

CVE-2026-25679: rebuild against golang-1.25.7-1.tuxcare.els2 which contains the net/url IPv6 host-literal parsing fix...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 10:16 p.m.13 views

AZL-79610 CVE-2026-27138 affecting package golang 1.25.7-1

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...

5.9CVSS7.4AI score0.0035EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 10:16 p.m.6 views

AZL-79613 CVE-2026-27137 affecting package golang 1.25.7-1

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

7.5CVSS7.3AI score0.00606EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:16 p.m.7 views

AZL-78929 CVE-2025-61728 affecting package golang 1.25.7-1

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

6.5CVSS7.3AI score0.00643EPSS
Exploits1References1
OSV
OSV
added 2025/10/29 11:16 p.m.6 views

AZL-78907 CVE-2025-58183 affecting package golang 1.25.7-1

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3CVSS7.2AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2025/06/11 5:15 p.m.5 views

AZL-78986 CVE-2025-22874 affecting package golang 1.25.7-1

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.5CVSS6.9AI score0.00311EPSS
Exploits0References1
OSV
OSV
added 2019/03/08 3:29 p.m.7 views

AZL-78966 CVE-2019-9634 affecting package golang 1.25.7-1

Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection...

7.8CVSS7.2AI score0.03326EPSS
Exploits1References1
Rows per page
Query Builder