Lucene search
K

1259 matches found

RedHat Linux
RedHat Linux
added last week3 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7AI score0.00615EPSS
Exploits0References8
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 4:16 p.m.5 views

UBUNTU-CVE-2026-57438

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

6.6CVSS5.8AI score0.00093EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 3:16 p.m.7 views

UBUNTU-CVE-2026-57235

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 3:16 p.m.4 views

UBUNTU-CVE-2026-57436

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS5.7AI score0.00312EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 2:34 p.m.6 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.9AI score0.00312EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/25 12:7 a.m.7 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS5.9AI score0.00349EPSS
Exploits0References8
Redos
Redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0032

The vulnerability of the LookupCNAME function in the Go programming language is related to a memory reclamation error when processing CNAME records. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.5CVSS5.9AI score0.00813EPSS
Exploits0
Fedora
Fedora
added 2026/06/11 1:9 a.m.13 views

[SECURITY] Fedora 43 Update: rust-1.96.0-1.fc43

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

6.5CVSS5.4AI score0.00328EPSS
Exploits0
OSV
OSV
added 2026/05/29 4:3 p.m.17 views

RLSA-2026:19013 Moderate: delve security update

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...

7.5CVSS5.8AI score0.01945EPSS
Exploits3References4
Packet Storm News
Packet Storm News
added 2026/05/24 12:0 a.m.15 views

Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems

Remote Direct Memory Access RDMA is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where non-empty permissions are silently discarded when an Authentication callback returns...

6.3CVSS5.8AI score0.00314EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.49.0, the String::retain function has a panic security issue. It allows the creation of a non-UTF-8 Rust string when the provided closure panics. This bug could lead to a memory safety violation if other string APIs assume that UTF-8 encoding is us...

7.5CVSS7.4AI score0.01509EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Golang-1.15

In Go, encoding/xml in versions prior to 1.15.9 and 1.16.x prior to 1.16.1 can lead to an infinite loop if a custom TokenReader used for xml.NewTokenDecoder returns EOF midway through an element. This issue can occur in the Decode, DecodeElement, or Skip methods...

7.5CVSS7.1AI score0.02543EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 4:19 p.m.14 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/05/19 12:0 a.m.8 views

ALSA-2026:19181 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: crypto/x509: Incorrect enforcement of email constraints in crypto/x509 CVE-2026-27137 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References6
Securelist
Securelist
added 2026/05/14 11:0 a.m.14 views

Kimsuky targets organizations with PebbleDash-based tools

Over the past few months, we have conducted an in-depth analysis of specific activity clusters of Kimsuky aka APT43, Ruby Sleet, Black Banshee, Sparkling Pisces, Velvet Chollima, and Springtail, a prolific Korean-speaking threat actor. Our research revealed notable tactical shifts throughout...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/13 3:39 p.m.10 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/13 2:21 a.m.10 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

9CVSS6AI score0.00658EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/12 11:30 p.m.18 views

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

9CVSS6AI score0.00658EPSS
Exploits0References8
Rows per page
Query Builder