34 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m. | 6 views

RHCOS 4 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory.
- golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
- golang: net: lookup...

CVSS 7.5 | AI score 7.2 | EPSS 0.00917
Exploits: 4 | References: 15
Positive Technologies
added 2026/04/22 12:0 a.m. | 1 views

PT-2026-34530

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::from_der or OwnedCertRevocationList::from_der. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of an IssuingDistributionPoint CRL...

AI score 5.8
Exploits: 0 | References: 3
OSV
added 2026/03/18 8:11 p.m. | 1 views

GHSA-3G9H-9HP4-654V SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

Summary: The SiYuan kernel WebSocket server accepts unauthenticated connections when a specific “auth keepalive” query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages tha...

CVSS 7.5 | AI score 5.9 | EPSS 0.00069
Exploits: 1 | References: 3
CVE
added 2026/03/10 9:4 p.m. | 20 views

CVE-2026-31812

In Quinn (Rust, QUIC), the quinn-proto parsing path decodes attacker-controlled varints with unwrap(), so a crafted QUIC Initial packet containing malformed quic_transport_parameters can trigger an unexpected end and panic. This remote, unauthenticated DoS is reachable over the network and affect...

CVSS 8.7 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/10 9:4 p.m. | 1 views

CVE-2026-31812 Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

CVSS 8.7 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 1
OSV
added 2026/01/22 3:15 a.m. | 0 views

UBUNTU-CVE-2026-23991

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of...

CVSS 7.5 | AI score 7.3 | EPSS 0.00037
Exploits: 0 | References: 5
Vulnrichment
added 2026/01/22 2:16 a.m. | 2 views

CVE-2026-23991 go-tuf affected by client DoS via malformed server response

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of...

CVSS 5.9 | AI score 5.5 | EPSS 0.00037
Exploits: 0 | References: 3
Debian CVE
added 2026/01/22 2:16 a.m. | 3 views

CVE-2026-23991

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of...

CVSS 7.5 | AI score 8.3 | EPSS 0.00037
Exploits: 0
Tenable Nessus
added 2026/01/22 12:0 a.m. | 1 views

Azure Linux 3.0 Security Update: cni / containernetworking-plugins / keda / multus (CVE-2021-38561)

The version of cni / containernetworking-plugins / keda / multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-38561 advisory.
- golang.org/x/text/language in golang.org/x/text before 0.3.7 can...

CVSS 7.5 | AI score 5.6 | EPSS 0.00053
Exploits: 0 | References: 2
Github Security Blog
added 2026/01/21 4:19 p.m. | 4 views

go-tuf affected by client DoS via malformed server response

Security Disclosure: Client DoS via malformed server response. Summary: If the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a DoS. The panic happens before any signature is validated...

CVSS 7.5 | AI score 5.5 | EPSS 0.00037
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/01/21 4:19 p.m. | 2 views

GHSA-846P-JG2W-W324 go-tuf affected by client DoS via malformed server response

Security Disclosure: Client DoS via malformed server response. Summary: If the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a DoS. The panic happens before any signature is validated...

CVSS 5.9 | AI score 5.6 | EPSS 0.00037
Exploits: 0 | References: 5
Cvelist
added 2025/12/18 12:0 a.m. | 23 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

EPSS 0.00071
Exploits: 1 | References: 3
Cvelist
added 2025/10/10 10:25 p.m. | 7 views

CVE-2025-62162 cel-rust May Panic During Parsing of Invalid CEL Expressions

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g.,...

CVSS 7.5 | EPSS 0.00163
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-1742

Malware in sbrugna...

CVSS 7.8 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-24646

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.2 | EPSS 0.00026
Exploits: 0 | References: 3
Amazon
added 2025/03/06 12:0 a.m. | 2 views

Important: amazon-cloudwatch-agent

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. (CVE-2024-34155) Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

CVSS 9.1 | AI score 8 | EPSS 0.32338
Exploits: 2
OSV
added 2024/12/27 12:32 p.m. | 2 views

OESA-2024-2587 golang security update

Security Fixes: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. (CVE-2024-34155) Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

CVSS 7.5 | AI score 7.1 | EPSS 0.00298
Exploits: 0 | References: 4
RedHat Linux
added 2024/10/31 4:1 a.m. | 0 views

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVSS 7.5 | AI score 7.3 | EPSS 0.00163
Exploits: 0 | References: 8
RedHat Linux
added 2024/10/14 2:22 a.m. | 3 views

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVSS 7.5 | AI score 7.3 | EPSS 0.00163
Exploits: 0 | References: 8
OSV
added 2024/09/06 9:15 p.m. | 1 views

DEBIAN-CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVSS 7.5 | AI score 6.8 | EPSS 0.00163
Exploits: 0 | References: 1