7 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509 [CVE-2025-61729]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509, caused by a contidtion within HostnameError.Error, when constructing an error string, where there is no limit to the number of hosts that will be printed out CVE-2025-61729. Crypto/x509 i...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-1578)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.CVE-2025-58185 When Conn.Handshake fai...
CLSA-2026-1772619878 runc: Fix of 3 CVEs
rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...
CLSA-2026-1772040065 grafana-pcp: Fix of 2 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els5 to fix the following CVE's - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages...
Alibaba Cloud Linux 3 : 0038: git-lfs (ALINUX3-SA-2026:0038)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0038 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-61729: Within HostnameError.Error, when...
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2025-091 (ALASECS-2025-091)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-091 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the...
OESA-2025-2868 golang security update
. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...