13 matches found

UbuntuCve
added 2025/10/29 11:16 p.m., 2 views

CVE-2025-61724

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00526
Exploits: 0, References: 5

UbuntuCve
added 2025/10/29 11:16 p.m., 4 views

CVE-2025-58186

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00534
Exploits: 0, References: 5

UbuntuCve
added 2025/10/29 11:16 p.m., 4 views

CVE-2025-58185

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00526
Exploits: 0, References: 5

UbuntuCve
added 2025/09/22 9:15 p.m., 2 views

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

CVSS: 5.4, AI score: 7.1, EPSS: 0.00308
Exploits: 0, References: 5

UbuntuCve
added 2025/06/11 6:15 p.m., 6 views

CVE-2025-0913

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00245
Exploits: 0, References: 1

UbuntuCve
added 2025/01/28 2:15 a.m., 14 views

CVE-2024-45336

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00647
Exploits: 0, References: 3

UbuntuCve
added 2024/09/06 9:15 p.m., 12 views

CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01046
Exploits: 0, References: 10

UbuntuCve
added 2023/09/08 5:15 p.m., 25 views

CVE-2023-39321

Processing an incomplete post-handshake message for a QUIC connection can cause a panic...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01146
Exploits: 0, References: 7

UbuntuCve
added 2023/03/08 12:0 a.m., 36 views

CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00817
Exploits: 0, References: 6

UbuntuCve
added 2022/12/07 5:15 p.m., 41 views

CVE-2022-41720

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the...

CVSS: 7.5, AI score: 6.9, EPSS: 0.0119
Exploits: 0, References: 5

UbuntuCve
added 2022/11/02 4:15 p.m., 35 views

CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00778
Exploits: 0, References: 4

UbuntuCve
added 2019/09/30 7:15 p.m., 34 views

CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling...

CVSS: 7.5, AI score: 6.9, EPSS: 0.05157
Exploits: 0, References: 4

UbuntuCve
added 2019/03/13 8:29 a.m., 25 views

CVE-2019-9741

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...

CVSS: 6.1, AI score: 6.8, EPSS: 0.02346
Exploits: 1, References: 1