Lucene search
K

92 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 3:29 p.m.10 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.5

Red Hat OpenShift Service Mesh 3.3.5 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.3....

7.5CVSS6.8AI score0.00813EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 p.m.15 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.10

Red Hat OpenShift Service Mesh 3.1.10 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...

7.5CVSS6.8AI score0.00813EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 12:43 p.m.1 views

net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

A flaw was found in the net/mail package of the Go programming language. An attacker could provide specially crafted inputs to the ParseAddress, ParseAddressList, or ParseDate functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service DoS for...

7.5CVSS6.9AI score0.00784EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/04 12:39 p.m.1 views

net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

A flaw was found in the net/mail package of the Go programming language. An attacker could provide specially crafted inputs to the ParseAddress, ParseAddressList, or ParseDate functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service DoS for...

7.5CVSS6.9AI score0.00784EPSS
Exploits0References8
OSV
OSV
added 2026/05/26 2:54 p.m.8 views

SUSE-SU-2026:2078-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
OSV
OSV
added 2026/05/17 8:16 p.m.7 views

OPENSUSE-SU-2026:20762-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00813EPSS
Exploits0References24
SUSE Linux
SUSE Linux
added 2026/05/14 10:33 p.m.10 views

Security update for go1.26

This update for go1.26 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References48
OSV
OSV
added 2026/05/11 5:44 a.m.8 views

BIT-GOLANG-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.8AI score0.00784EPSS
Exploits0References18
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.57 views

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

0.00784EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.11 views

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

5.8AI score0.00784EPSS
Exploits0References4
CVE
CVE
added 2026/05/07 7:41 p.m.98 views

CVE-2026-39820

CVE-2026-39820 relates to the Go net/mail package, specifically a quadratic string concatenation in the consumeComment path. This root cause can cause excessive CPU usage and memory allocations when parsing crafted inputs through functions like ParseAddress, ParseAddressList, and ParseDate. The p...

7.5CVSS5.8AI score0.00784EPSS
Exploits0References17Affected Software1
OSV
OSV
added 2026/05/07 7:41 p.m.2 views

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.9AI score0.00784EPSS
Exploits0References20
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.69 views

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

0.00798EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.6 views

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

5.8AI score0.00798EPSS
Exploits0References4
CVE
CVE
added 2026/05/07 7:41 p.m.72 views

CVE-2026-42499

CVE-2026-42499 affects the net/mail package’s consumePhrase routine, where pathological inputs can trigger DoS due to quadratic string concatenation when parsing RFC 5322 email addresses. This is documented across multiple feeds (NVD, CVE list, Debian, CIRCL, OSV GO-2026-4977, vulnrichment), indi...

7.5CVSS5.8AI score0.00798EPSS
Exploits0References17Affected Software1
Snyk
Snyk
added 2026/05/07 7:21 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger...

8.7CVSS5.8AI score0.00784EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 7:21 p.m.17 views

GO-2026-4986 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.8AI score0.00784EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/07 7:21 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Pathological inputs could cause DoS through consumePhrase when parsing an email address according ...

7.5CVSS5.8AI score0.00798EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 7:21 p.m.14 views

GO-2026-4977 Quadratic string concatenation in consumePhrase in net/mail

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

7.5CVSS5.8AI score0.00798EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/04/28 7:32 a.m.16 views

USN-8216-1: .NET vulnerabilities

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. CVE-2026-33116, CVE-2026-26171 Ludvig Pedersen and Kevin Jones...

9.1CVSS6.4AI score0.11205EPSS
Exploits0
Rows per page
Query Builder