Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: msft: fixed a slab-use-after-free in msft_do_close(). Tying the lifetime of msft->data to hdev, by freeing it in hci_release_dev(), addressed the following issue: Use msft_do_close() msft = hdev->msft_data; if (!msft) ...1...
AZL-79634 CVE-2026-27142 affecting package msft-golang 1.24.13-1
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
CVE-2025-61730 affecting package msft-golang for versions less than 1.24.12-1
CVE-2025-61730 affecting package msft-golang for versions less than 1.24.12-1. A patched version of the package is available...
CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1
CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1. A patched version of the package is available...
CVE-2025-68119 affecting package msft-golang for versions less than 1.24.12-1
CVE-2025-68119 affecting package msft-golang for versions less than 1.24.12-1. A patched version of the package is available...
AZL-75639 CVE-2025-68119 affecting package msft-golang for versions less than 1.24.12-1
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...
AZL-75642 CVE-2025-61726 affecting package msft-golang for versions less than 1.24.12-1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
AZL-75648 CVE-2025-61730 affecting package msft-golang for versions less than 1.24.12-1
During the TLS 1.3 handshake, if multiple messages are sent in records that span encryption level boundaries (for instance, the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...
AZL-71635 CVE-2025-61727 affecting package msft-golang 1.24.13-1
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com...
AZL-69140 CVE-2025-58186 affecting package msft-golang 1.24.13-1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large number of structs, causing large memory consumption...
CBL Mariner 2.0 Security Update: msft-golang (CVE-2025-4673)
The version of msft-golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4673 advisory. - Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaki...
CBL Mariner 2.0 Security Update: msft-golang (CVE-2025-22874)
The version of msft-golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22874 advisory. - Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled poli...
CVE-2025-4673 affecting package msft-golang for versions less than 1.24.1-3
CVE-2025-4673 affecting package msft-golang for versions less than 1.24.1-3. A patched version of the package is available...
CVE-2025-22874 affecting package msft-golang for versions less than 1.24.1-3
CVE-2025-22874 affecting package msft-golang for versions less than 1.24.1-3. A patched version of the package is available...
AZL-63872 CVE-2025-22874 affecting package msft-golang for versions less than 1.24.1-3
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...
CBL Mariner 2.0 Security Update: golang / msft-golang (CVE-2025-22871)
The version of golang / msft-golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22871 advisory. - The net/http package improperly accepts a bare LF as a line terminator in chunked data...
CVE-2025-22871 affecting package msft-golang for versions less than 1.24.1-2
CVE-2025-22871 affecting package msft-golang for versions less than 1.24.1-2. A patched version of the package is available...
AZL-59652 CVE-2025-22871 affecting package msft-golang for versions less than 1.24.1-2
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
CVE-2024-45336 affecting package msft-golang for versions less than 1.23.3-2
CVE-2024-45336 affecting package msft-golang for versions less than 1.23.3-2. A patched version of the package is available...
CVE-2024-45341 affecting package msft-golang for versions less than 1.23.3-2
CVE-2024-45341 affecting package msft-golang for versions less than 1.23.3-2. A patched version of the package is available...