crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

RLSA-2026:19137 Important: go-fdo-server security update

This package provides a server-side implementation of the FIDO Device Onboard FDO specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location...

CLSA-2026-1779120418 git-lfs: Fix of CVE-2026-32283

rebuild with golang 1.25.7-1.el96.tuxcare.els5 to fix CVE-2026-32283 - CVE-2026-32283: prevent denial of service in crypto/tls caused by multiple TLS 1.3 key update messages in a single record...

ALSA-2026:19139 Important: go-fdo-client security update

go-fdo-client is the device-side implementation of FIDO Device Onboard specification in Go. It provides an FDO client that interacts with FDO manufacturer and owner servers to perform device on-boarding. Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

UBUNTU-CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

CVE-2026-6637

The CVE-2026-6637 issue affects PostgreSQL’s refint module, causing a stack buffer overflow that could allow an unprivileged database user to execute arbitrary OS-level code running the database. A separate attack path exists when an application exposes a user-controlled column as a refint cascad...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

RHEL 9 : buildah (RHSA-2026:16102)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16102 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

RHEL 7 : host-metering (RHSA-2026:16101)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16101 advisory. Host metering service Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVE-2026-32283 F...

RLSA-2026:14200 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVE-2026-39304

A flaw was found in Apache ActiveMQ Client, Apache ActiveMQ Broker, and Apache ActiveMQ. A remote attacker can exploit this vulnerability by rapidly triggering Transport Layer Security TLS version 1.3 handshake KeyUpdates. This improper handling of KeyUpdates causes the broker to exhaust its memo...

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the...

GHSA-5568-6QCG-G7FX Apache ActiveMQ: Denial of Service via Out of Memory vulnerability

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the broker to exhaust all available...

CVE-2026-39304

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

CVE-2026-32283

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3...

Allocation of Resources Without Limits or Throttling

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: If one side of the TLS connection sends multiple key update messages post-handshake in a singl...

PT-2026-28351

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race condition that can lead to potential corruption of std::queue and std::deque. The issue is triggered by a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from accepting RSS hash key updates when there is no RX indirect table, potentially leading to a hang...