Lucene search
+L

81 matches found

RedHat Linux
RedHat Linux
added 3 days ago4 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/02 12:0 p.m.2 views

attr: Symlink Traversal Privilege Escalation via getfattr and setfattr

A flaw was found in the attr package. This vulnerability allows a local attacker to perform a symlink traversal attack by replacing a pathname component with a symbolic link - either during directory hierarchy traversal by getfattr or during backup restoration by setfattr, which reads and resolve...

8.4CVSS6AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52514

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The patch application pipeline @pnpm/patch-package fails to validate file paths extracted from .patch files. An attacker can provide a malicious patch file containing...

7.3CVSS5.9AI score0.0027EPSS
Exploits1References5
CBLMariner
CBLMariner
added 2026/05/09 3:31 a.m.8 views

CVE-2026-32288 affecting package gh for versions less than 2.62.0-15

CVE-2026-32288 affecting package gh for versions less than 2.62.0-15. A patched version of the package is available...

5.5CVSS5.8AI score0.0029EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/09 3:31 a.m.9 views

CVE-2026-34743 affecting package xz for versions less than 5.4.4-3

CVE-2026-34743 affecting package xz for versions less than 5.4.4-3. A patched version of the package is available...

6.3CVSS5.8AI score0.00351EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 1:22 p.m.10 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.wh which is vulnerable to CVE-2026-34073

Summary IBM Maximo Scheduler Optimizer uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.wh which is vulnerable to CVE-2026-34073. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package...

9.8CVSS5.9AI score0.00652EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.1 views

Ubuntu: Security Advisory (USN-7868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7AI score0.03079EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/11 12:41 a.m.7 views

EUVD-2025-52873

Malicious code in outer-peach-chipmunk npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-26749

Malware in sbrugna...

5.5CVSS6.5AI score0.00701EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-47977

Malicious code in bioql PyPI...

3.2CVSS3.8AI score0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-14177

Malicious code in bioql PyPI...

5.3CVSS7.3AI score0.00865EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-29994

Malicious code in bioql PyPI...

5.5CVSS6.4AI score0.00454EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-43072

Malicious code in bioql PyPI...

7.8CVSS7AI score0.00356EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-29992

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00508EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-28176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JS...

5.9CVSS6.8AI score0.02085EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/06/30 9:23 p.m.9 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/24 12:31 p.m.10 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/17 3:17 p.m.9 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/17 11:30 a.m.9 views

kea: Loading a malicious hook library can lead to local privilege escalation

A flaw was found in the Kea package, where an unprivileged user can instruct Kea to load a hook library from any arbitrary local file. This hook can then be executed using the same privileges that Kea runs under. This vulnerability allows an attacker with access to a local, unprivileged account t...

7.8CVSS6.2AI score0.00233EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/06/16 2:44 p.m.11 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
Rows per page
Query Builder