8 matches found
Medium: nerdctl
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
Important: ecs-init
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...
SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:2326-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2326-1 advisory. This update for go1.25 fixes the following issues Update to go1.25.11 bsc1244485: - CVE-2026-27145: crypto/x50...
CVE-2026-42504
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
Cisco Secure Email Gateway Malware Detection Evasion Vulnerability
Cisco Secure Email Gateways, formerly known as Cisco Ironport Email Security Appliances, that are configured to detect malicious email attachments, can easily be circumvented. A remote attacker can leverage error tolerance and different MIME decoding capabilities of email clients, compared with t...
Cisco Secure Email Gateway Malware Detection Evasion
This report is being published within a coordinated disclosure procedure. The researcher has been in contact with the vendor but not received a satisfactory response within a given time frame. As the attack complexity is low and exploits have already been published by a third party there must be ...
DSA-1697-1 iceape - several vulnerabilities
Bulletin has no description...
Debian DSA-1621-1 : icedove - several vulnerabilities
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead t...