Lucene search
20 matches found

UbuntuCve
added 2025/10/29 11:16 p.m., 4 views

CVE-2025-58186

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large number of structs, causing large memory consumption...

CVSS 5.3, AI score 7.1, EPSS 0.00534
Exploits: 0, References: 5
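As an added example (not part of the advisory or of the Go standard library), a guard that bounds the cookie count by scanning the raw Cookie header before anything calls r.Cookies(), which is where the per-cookie allocation happens. The ceiling maxCookiesPerRequest, the handler names and the 100-cookie request are assumptions for illustration:

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxCookiesPerRequest is an assumed, application-chosen ceiling; the
// advisory's point is that nothing in the library bounds this number.
const maxCookiesPerRequest = 64

// countCookiePairs counts the ';'-separated segments across all Cookie
// header values without allocating a struct per cookie. Empty segments
// (the trailing one in "a=;b=;") are not counted.
func countCookiePairs(cookieHeaders []string) int {
	n := 0
	for _, h := range cookieHeaders {
		for _, part := range strings.Split(h, ";") {
			if strings.TrimSpace(part) != "" {
				n++
			}
		}
	}
	return n
}

// tooManyCookies reports whether r carries more cookie pairs than limit.
// It reads the raw header only; r.Cookies() is never called here.
func tooManyCookies(r *http.Request, limit int) bool {
	return countCookiePairs(r.Header.Values("Cookie")) > limit
}

// limitCookies rejects oversized cookie jars with 431 before the wrapped
// handler (or any later middleware) gets a chance to call r.Cookies().
func limitCookies(limit int, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if tooManyCookies(r, limit) {
			http.Error(w, "too many cookies", http.StatusRequestHeaderFieldsTooLarge)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor runs h against r in-process and returns the status it produced.
func statusFor(h http.Handler, r *http.Request) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, r)
	return rec.Code
}

func main() {
	// Constructed request: 100 tiny "a=;" cookies, the shape the advisory describes.
	r, _ := http.NewRequest("GET", "http://example.invalid/", nil)
	r.Header.Set("Cookie", strings.Repeat("a=;", 100))
	guarded := limitCookies(maxCookiesPerRequest, http.NotFoundHandler())
	fmt.Printf("pairs=%d rejected=%v status=%d\n",
		countCookiePairs(r.Header.Values("Cookie")),
		tooManyCookies(r, maxCookiesPerRequest),
		statusFor(guarded, r))
}
```

Wire it in front of the real mux (http.ListenAndServe(addr, limitCookies(maxCookiesPerRequest, mux))) so the check runs before any handler parses cookies; the 1MB header limit mentioned in the advisory still applies on top of it.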
UbuntuCve
added 2025/10/29 11:16 p.m., 2 views

CVE-2025-58187

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

CVSS 7.5, AI score 7, EPSS 0.00384
Exploits: 0, References: 5
UbuntuCve
added 2025/10/29 11:16 p.m., 2 views

CVE-2025-61724

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

CVSS 5.3, AI score 7.1, EPSS 0.00526
Exploits: 0, References: 5
UbuntuCve
added 2025/10/29 11:16 p.m., 6 views

CVE-2025-58183

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

CVSS 4.3, AI score 7.1, EPSS 0.00419
Exploits: 0, References: 5
UbuntuCve
added 2025/10/29 11:16 p.m., 3 views

CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

CVSS 7.5, AI score 7, EPSS 0.00361
Exploits: 0, References: 5
UbuntuCve
added 2025/10/29 11:16 p.m., 4 views

CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

CVSS 7.5, AI score 6.8, EPSS 0.00613
Exploits: 0, References: 5
UbuntuCve
added 2025/10/29 11:16 p.m., 4 views

CVE-2025-58185

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

CVSS 5.3, AI score 7.1, EPSS 0.00526
Exploits: 0, References: 5
UbuntuCve
added 2025/10/29 11:16 p.m., 5 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped...

CVSS 5.3, AI score 7.1, EPSS 0.00443
Exploits: 0, References: 5
UbuntuCve
added 2025/10/29 11:16 p.m., 5 views

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames mus...

CVSS 5.3, AI score 7, EPSS 0.00443
Exploits: 0, References: 5
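As an added example (not the Go project's code), a wrapper around url.Parse that makes the RFC 3986 rule from the description explicit: whatever sits inside the square brackets of the host must parse as an IPv6 address (a percent-encoded zone ID such as %25eth0 is allowed). It holds on any toolchain, patched or not; the function name and the sample URLs are assumptions for illustration:

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/netip"
	"net/url"
	"strings"
)

// errBadBracketHost is returned when something other than an IPv6 literal
// sits inside the square brackets of the host component.
var errBadBracketHost = errors.New("bracketed host is not an IPv6 address")

// parseStrictURL parses rawURL and, on top of url.Parse, rejects hosts like
// "[example.com]" or "[127.0.0.1]" that a lenient parser would accept.
func parseStrictURL(rawURL string) (*url.URL, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	hostport := u.Host
	if !strings.HasPrefix(hostport, "[") {
		return u, nil // no brackets, nothing extra to check
	}
	// Drop an optional :port; net.SplitHostPort understands brackets but
	// fails when no port is present, in which case we strip them ourselves.
	host := hostport
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		host = h
	} else {
		host = strings.TrimSuffix(strings.TrimPrefix(hostport, "["), "]")
	}
	// In a URL the zone separator '%' is encoded as "%25"; decode it once
	// so netip sees "fe80::1%eth0" rather than "fe80::1%25eth0".
	if i := strings.Index(host, "%25"); i >= 0 {
		host = host[:i] + "%" + host[i+3:]
	}
	addr, err := netip.ParseAddr(host)
	if err != nil || !addr.Is6() {
		return nil, fmt.Errorf("%w: %q", errBadBracketHost, hostport)
	}
	return u, nil
}

func main() {
	// Constructed inputs: two valid bracketed hosts, two that must be rejected.
	for _, s := range []string{
		"http://[::1]/",
		"http://[fe80::1%25eth0]:8080/",
		"http://[example.com]/",
		"http://[127.0.0.1]/",
	} {
		_, err := parseStrictURL(s)
		fmt.Printf("%-32s %v\n", s, err)
	}
}
```

The check matters wherever the host later feeds an allow-list or SSRF filter: a lenient parser hands back "[example.com]" as the host, and a comparison written for IP literals will not match it against anything.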
UbuntuCve
added 2025/09/22 9:15 p.m., 2 views

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

CVSS 5.4, AI score 7.1, EPSS 0.00308
Exploits: 0, References: 5
UbuntuCve
added 2025/07/29 10:15 p.m., 4 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

CVSS 8.6, AI score 6.8, EPSS 0.00273
Exploits: 0, References: 4
UbuntuCve
added 2025/06/11 6:15 p.m., 6 views

CVE-2025-0913

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

CVSS 5.5, AI score 6.9, EPSS 0.00245
Exploits: 0, References: 1
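As an added example (not the Go project's code), the dangling-symlink scenario from the description built in a temporary directory, run once through plain os.OpenFile and once through a small wrapper that refuses a symlink at the path explicitly, so the Unix semantics ("O_CREATE|O_EXCL never follows symlinks") are stated in code rather than relied on per platform. The names createExclusive and demoDanglingSymlink and the "victim" link are assumptions for illustration:

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// createExclusive is os.OpenFile(path, O_CREATE|O_EXCL) with an explicit
// refusal to go through a symlink at path. On Unix the Lstat is redundant
// (open(2) with O_EXCL fails with EEXIST on any symlink, dangling or not);
// it makes the intent portable to builds where that was not the case.
func createExclusive(path string) (*os.File, error) {
	if fi, err := os.Lstat(path); err == nil && fi.Mode()&fs.ModeSymlink != 0 {
		return nil, fmt.Errorf("%w: %q is a symlink", fs.ErrExist, path)
	}
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
}

// danglingResult records what happened in the constructed scenario.
type danglingResult struct {
	RawErr          error // plain os.OpenFile through the dangling link
	RawIsExist      bool  // did the raw call report ErrExist (EEXIST)?
	HardenedErr     error // createExclusive through the same link
	HardenedIsExist bool
	TargetCreated   bool // did either call create the link's target file?
}

// demoDanglingSymlink sets up dir/victim -> dir/does-not-exist, runs both
// calls against the link, checks whether the target appeared, and cleans up.
func demoDanglingSymlink() (danglingResult, error) {
	var res danglingResult
	dir, err := os.MkdirTemp("", "oexcl-demo")
	if err != nil {
		return res, err
	}
	defer os.RemoveAll(dir)
	target := filepath.Join(dir, "does-not-exist")
	link := filepath.Join(dir, "victim")
	if err := os.Symlink(target, link); err != nil {
		return res, err
	}

	f, err := os.OpenFile(link, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err == nil {
		f.Close()
	}
	res.RawErr, res.RawIsExist = err, errors.Is(err, fs.ErrExist)

	f, err = createExclusive(link)
	if err == nil {
		f.Close()
	}
	res.HardenedErr, res.HardenedIsExist = err, errors.Is(err, fs.ErrExist)

	_, statErr := os.Stat(target)
	res.TargetCreated = statErr == nil
	return res, nil
}

func main() {
	res, err := demoDanglingSymlink()
	if err != nil {
		fmt.Println("setup failed:", err)
		return
	}
	fmt.Println("raw OpenFile:      ", res.RawErr)
	fmt.Println("createExclusive:   ", res.HardenedErr)
	fmt.Println("target was created:", res.TargetCreated)
}
```

The pattern matters for lock files, temp files and "create if absent" writes in directories an attacker can also write to: if the exclusive create can be redirected through a link, the attacker chooses where the file lands.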
UbuntuCve
added 2025/06/11 5:15 p.m., 7 views

CVE-2025-22874

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

CVSS 7.5, AI score 6.9, EPSS 0.00311
Exploits: 0, References: 1
UbuntuCve
added 2025/06/11 5:15 p.m., 10 views

CVE-2025-4673

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8, AI score 6.8, EPSS 0.0056
Exploits: 0, References: 2
UbuntuCve
added 2025/03/12 7:15 p.m., 16 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...

CVSS 4.4, AI score 6.7, EPSS 0.00384
Exploits: 2, References: 4
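As an added example (not the Go project's or x/net's code), a NO_PROXY matcher that cannot be fooled by a zone ID: it decides first whether the host is an IP literal, and an IP literal is only ever compared against IP or CIDR entries, never against domain suffixes. The simplified entry semantics (leading dot matches subdomains only, a bare domain matches itself and subdomains) and the function name are assumptions for illustration:

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// bypassesProxy reports whether hostport should skip the proxy for a single
// NO_PROXY entry. IP literals are compared against IP/CIDR entries only,
// with the zone ignored, so "[::1%25.example.com]:80" can no longer match
// the domain entry ".example.com".
func bypassesProxy(hostport, entry string) bool {
	host, _, err := net.SplitHostPort(hostport)
	if err != nil {
		host = hostport // no port present; keep as-is
	}
	host = strings.TrimSuffix(strings.TrimPrefix(host, "["), "]")
	// Decode the URL form of the zone separator before parsing the literal.
	host = strings.Replace(host, "%25", "%", 1)

	if addr, err := netip.ParseAddr(host); err == nil {
		addr = addr.WithZone("") // Prefix.Contains rejects zoned addresses
		if pfx, err := netip.ParsePrefix(entry); err == nil {
			return pfx.Contains(addr)
		}
		if e, err := netip.ParseAddr(entry); err == nil {
			return e.WithZone("") == addr
		}
		return false // an IP never matches a domain entry
	}

	host = strings.ToLower(strings.TrimSuffix(host, "."))
	entry = strings.ToLower(entry)
	if strings.HasPrefix(entry, ".") {
		return strings.HasSuffix(host, entry)
	}
	return host == entry || strings.HasSuffix(host, "."+entry)
}

func main() {
	// Constructed hosts, including the one from the description.
	for _, h := range []string{"[::1%25.example.com]:80", "api.example.com:80", "evil.com:443", "[::1]:80"} {
		fmt.Printf("%-26s .example.com=%-5v ::1=%v\n",
			h, bypassesProxy(h, ".example.com"), bypassesProxy(h, "::1"))
	}
}
```

The same ordering (classify as IP first, then apply string rules) is the general defence for any "does this host match a suffix" check, since percent-encoding and zone IDs are not the only ways to smuggle a dot into an address literal.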
UbuntuCve
added 2025/02/06 5:15 p.m., 10 views

CVE-2025-22866

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private...

CVSS 4, AI score 6.8, EPSS 0.00272
Exploits: 0, References: 10
UbuntuCve
added 2025/01/28 2:15 a.m., 14 views

CVE-2024-45336

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

CVSS 6.1, AI score 6.8, EPSS 0.00647
Exploits: 0, References: 3
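As an added example serving both this entry and CVE-2025-4673 above (not the Go project's code), an http.Client.CheckRedirect policy that strips credentials whenever a hop leaves the origin of the request the caller made. It compares each hop against via[0] rather than the previous hop, which is the distinction the description turns on (a.com -> b.com -> b.com must not get a.com's headers back), and it uses a stricter origin rule than the standard library's domain-based one. The header list and the a.com/b.com chain are assumptions for illustration:

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// sensitiveHeaders is the assumed set to drop when a redirect leaves the
// origin of the original request; Proxy-Authorization is included because
// of the behaviour described in CVE-2025-4673.
var sensitiveHeaders = []string{"Authorization", "Proxy-Authorization", "Cookie"}

// originOf normalises scheme, host and port so that "https://a.com" and
// "https://A.com:443" compare equal.
func originOf(u *url.URL) string {
	scheme := strings.ToLower(u.Scheme)
	port := u.Port()
	if port == "" {
		switch scheme {
		case "https":
			port = "443"
		case "http":
			port = "80"
		}
	}
	return scheme + "://" + strings.ToLower(u.Hostname()) + ":" + port
}

func sameOrigin(a, b *url.URL) bool { return originOf(a) == originOf(b) }

// stripOnCrossOriginRedirect is the CheckRedirect policy. The client calls
// it with req already carrying headers copied from the previous hop, so
// deleting from req.Header here is what keeps them off the wire.
func stripOnCrossOriginRedirect(req *http.Request, via []*http.Request) error {
	if len(via) >= 10 {
		return errors.New("stopped after 10 redirects")
	}
	if len(via) > 0 && !sameOrigin(req.URL, via[0].URL) {
		for _, h := range sensitiveHeaders {
			req.Header.Del(h)
		}
	}
	return nil
}

func mustURL(s string) *url.URL {
	u, err := url.Parse(s)
	if err != nil {
		panic(err)
	}
	return u
}

// hop models the client's behaviour on a redirect: a new request whose
// headers were copied from the previous one.
func hop(to string, prev *http.Request) *http.Request {
	r, _ := http.NewRequest("GET", to, nil)
	r.Header = prev.Header.Clone()
	return r
}

func main() {
	client := &http.Client{CheckRedirect: stripOnCrossOriginRedirect}
	_ = client // use client.Do as usual; the policy runs on every redirect

	// Constructed chain: a.com -> b.com, simulated without a network.
	req0, _ := http.NewRequest("GET", "https://a.com/", nil)
	req0.Header.Set("Authorization", "Bearer s3cr3t")
	req1 := hop("https://b.com/", req0)
	_ = stripOnCrossOriginRedirect(req1, []*http.Request{req0})
	fmt.Printf("after a.com -> b.com: Authorization=%q\n", req1.Header.Get("Authorization"))
}
```

Patched toolchains already drop these headers internally; the policy is still worth having in clients that add their own credentials through a RoundTripper, because the library's rule only knows about headers set on the original request.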
UbuntuCve
added 2025/01/28 12:00 a.m., 146 views

CVE-2024-45340

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the user's .netrc file...

CVSS 8.8, AI score 7.1, EPSS 0.00685
Exploits: 0, References: 4
UbuntuCve
added 2025/01/28 12:00 a.m., 10 views

CVE-2025-22865

Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed...

CVSS 7.5, AI score 7, EPSS 0.00587
Exploits: 0, References: 4
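As an added example (not the Go project's code), how to build the malformed input the description refers to, an RSAPrivateKey SEQUENCE cut off after q so the CRT values are absent, and a containment wrapper that turns a panic inside the parser into an error. The wrapper is for processes that accept key material from untrusted sources; the fix is still to upgrade Go, after which the call returns either an error or a parsed key. Type and function names are assumptions for illustration:

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// pkcs1WithoutCRT is the RFC 8017 RSAPrivateKey SEQUENCE truncated after q:
// exponent1, exponent2 and coefficient (the CRT values) are left out.
type pkcs1WithoutCRT struct {
	Version int
	N       *big.Int
	E       int
	D       *big.Int
	P       *big.Int
	Q       *big.Int
}

// derWithoutCRT re-encodes a complete two-prime key without its CRT values.
func derWithoutCRT(k *rsa.PrivateKey) ([]byte, error) {
	if len(k.Primes) != 2 {
		return nil, fmt.Errorf("expected a two-prime key, got %d primes", len(k.Primes))
	}
	return asn1.Marshal(pkcs1WithoutCRT{0, k.N, k.E, k.D, k.Primes[0], k.Primes[1]})
}

// recoverToError runs f and converts a panic inside it into a returned error.
func recoverToError(f func() (*rsa.PrivateKey, error)) (key *rsa.PrivateKey, err error) {
	defer func() {
		if r := recover(); r != nil {
			key, err = nil, fmt.Errorf("parser panicked: %v", r)
		}
	}()
	return f()
}

// safeParsePKCS1 is x509.ParsePKCS1PrivateKey with panic containment, so a
// crafted upload cannot take down the process on an unpatched toolchain.
func safeParsePKCS1(der []byte) (*rsa.PrivateKey, error) {
	return recoverToError(func() (*rsa.PrivateKey, error) {
		return x509.ParsePKCS1PrivateKey(der)
	})
}

// newTestKey generates a throwaway 2048-bit key for the demonstration.
func newTestKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func main() {
	k, err := newTestKey()
	if err != nil {
		panic(err)
	}
	der, err := derWithoutCRT(k)
	if err != nil {
		panic(err)
	}
	_, err = safeParsePKCS1(der)
	fmt.Println("key without CRT values:", err)
	_, err = safeParsePKCS1(x509.MarshalPKCS1PrivateKey(k))
	fmt.Println("complete key:          ", err)
}
```

derWithoutCRT doubles as a regression input: feed it to the toolchain you ship with and confirm you get an error or a key, never a crash.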
UbuntuCve
added 2024/09/06 9:15 p.m., 9 views

CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVSS 7.5, AI score 6.9, EPSS 0.01127
Exploits: 0, References: 10