AZL-79625 CVE-2026-27138 affecting package golang 1.26.0-1
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
AZL-79610 CVE-2026-27138 affecting package golang 1.25.7-1
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
Uncaught Exception
Overview: std/crypto/x509 is a Go standard library package. Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain h...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005746)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005746 advisory. In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in ip6mr_cache_report. skbuff: skb_under_panic: text:ffffffff88771f69 len:56...
Golang 1.26.x < 1.26.1 Multiple Vulnerabilities
The version of Golang running on the remote host is prior to 1.26.1. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - When verifying a certificate chain which contains a certificate containing multiple email address constraints composed of the full email...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the KillAction and RestartAction API handlers when a log entry is created with a nil binding through StartActionByGet using an invalid action ID. An attacker can cause repeated server-side panics and disrupt...
OliveTin has crash on NPE by calling APIs with invalid bindings or log references
Summary: An unauthenticated attacker can trigger server-side panics by first creating an execution log entry with a nil binding via StartActionByGet (invalid action ID), then calling KillAction or RestartAction on that tracking ID. This causes a nil-pointer dereference in API handlers and results in...
Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
...
SUSE CVE-2025-71238
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done causing double free. Kernel panic observed on system, 5353358.825191 BUG: unable to handle page fault for address: ff5f5e897b024000 5353358.825194 PF: supervisor write access in kernel mode 5353358.82519...
GHSA-HX52-CV84-JR5V Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers
Executive Summary: A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005661 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix BUG_ON condition in btrfs_cancel_balance. Pausing and canceling balance can race to...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005672)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005672 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset. Patch series nilfs2: fix UBSAN...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005666)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005666 advisory. In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skb_under_panic in ip6mr_cache_report. skbuff: skb_under_panic: text:ffffffff88771f69 len:56...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005733)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005733 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs for inline extent followed by prealloc. If a file consists of an...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005795)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005795 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer dereference in tracing_err_log_open. Fix an issue in function...
PT-2026-23444
Name of the Vulnerable Software and Affected Versions: Sliver versions prior to the fix. Description: Sliver, a C2 server, contains a systemic lack of nil-pointer validation in its Protobuf unmarshalling logic. This allows an authenticated actor, by omitting nested fields in a signed message, to...
GHSA-6W86-WGWQ-RGQ8 neqo-qpack has integer overflow in qpack dynamic table indexing
Summary: An unsanitized qpack index can lead to an integer overflow, panicking in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...
EUVD-2025-208273
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done causing double free. Kernel panic observed on system, 5353358.825191 BUG: unable to handle page fault for address: ff5f5e897b024000 5353358.825194 PF: supervisor write access in kernel mode 5353358.82519...