Lucene search
+L

31 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1886)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1886 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

9.6CVSS7AI score0.0056EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-132 (ALASDOCKER-2026-132)

The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-132 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680...

9.6CVSS7AI score0.0056EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-128 (ALASDOCKER-2026-128)

The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-128 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounde...

10CVSS5.8AI score0.00533EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.10 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-124 (ALASDOCKER-2026-124)

The version of runfinch-finch installed on the remote host is prior to 1.17.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-124 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.20 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-117 (ALASDOCKER-2026-117)

The version of runfinch-finch installed on the remote host is prior to 1.17.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-117 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination ...

9.8CVSS6AI score0.00632EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.5 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-106 (ALASDOCKER-2026-106)

"The version of runfinch-finch installed on the remote host is prior to 1.15.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2026-106 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting fr...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References4
Amazon
Amazon
added 2026/04/14 12:0 a.m.6 views

Important: runfinch-finch

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS5.9AI score0.01557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/03/01 12:0 a.m.6 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-097 (ALASDOCKER-2026-097)

The version of runfinch-finch installed on the remote host is prior to 1.14.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-097 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...

10CVSS6AI score0.01945EPSS
Exploits3References12
Amazon
Amazon
added 2026/02/19 12:0 a.m.10 views

Medium: runfinch-finch

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS5.8AI score0.01945EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.7 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1336)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1336 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

7.5CVSS6.8AI score0.00533EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.3 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2025-081 (ALASDOCKER-2025-081)

The version of runfinch-finch installed on the remote host is prior to 1.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-081 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.8 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1270)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1270 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References22
Amazon
Amazon
added 2025/11/10 12:0 a.m.10 views

Important: runfinch-finch

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.7AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.11 views

Important: runfinch-finch

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.8AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/07/10 12:0 a.m.3 views

Medium: runfinch-finch

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.8AI score0.0056EPSS
Exploits0
Amazon
Amazon
added 2025/07/10 12:0 a.m.6 views

Medium: runfinch-finch

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: runfinch-finch Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...

6.8CVSS7AI score0.0056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.6 views

Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-071)

The version of runfinch-finch installed on the remote host is prior to 1.8.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-071 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive...

6.8CVSS6.5AI score0.0056EPSS
Exploits0References4
Amazon
Amazon
added 2025/06/02 12:0 a.m.7 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS9.4AI score0.00778EPSS
Exploits0
Amazon
Amazon
added 2025/06/02 12:0 a.m.14 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.6AI score0.00778EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.12 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00778EPSS
Exploits0
Rows per page
Query Builder