BIT-GOLANG-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

OPENSUSE-SU-2026:20877-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-29518: Symlink-Race TOCTOU in Daemon use chroot = no bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. -...

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...

CVE-2018-25360

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructio...

AgataSoft Auto PingMaster 安全漏洞

AgataSoft Auto PingMaster is a network monitoring tool from AgataSoft, Inc. that supports host connectivity detection, latency monitoring and fault alerting. A security vulnerability exists in AgataSoft Auto PingMaster version 1.5, which stems from a stack-based buffer overflow in the Trace Route...

CVE-2018-25345

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the...

CVE-2018-25345 10-Strike Network Scanner 3.0 Local Buffer Overflow SEH

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the...

CVE-2018-25345

The entry concerns 10-Strike Network Scanner 3.0 with a local buffer overflow in the host name field that bypasses SafeSEH protections and enables arbitrary code execution. The vulnerability can be triggered by crafting a payload in the host name or address field and invoking Trace route or Syste...

CVE-2018-25345

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the...

EUVD-2018-21867

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the...

10-Strike Network Scanner 安全漏洞

The 10-Strike Network Scanner is a local area network device discovery and network scanning tool developed by the 10-Strike company in the United States. Version 3.0 of the 10-Strike Network Scanner contains a security vulnerability. This vulnerability stems from a local buffer overflow in the ho...

Malicious code in gator-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...

MAL-2026-4569 Malicious code in gator-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...

Astra Linux - уязвимость в exim4

Exim before version 4.95 has a heap-based buffer overflow for the alias list in hostnamelookup in host.c when senderhostname is set...

Astra Linux - уязвимость в avahi

A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion in the avahialternativehostname function...

Astra Linux - уязвимость в samba

Samba does not validate the Validated-DNS-Host-Name property for the dNSHostName attribute, which may allow unprivileged users to modify it...

CLSA-2026-1778769563 python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

RHCOS 4 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory. - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header CVE-2021-31525 - golang: net: lookup...

PT-2026-37532

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dm put device when failing to get scsi dh name When commit fd81bc5cca8f "scsi: device handler: Return error pointer in scsi dh attached handler name" added code to fail parsing the path if scsi dh attached...