16 matches found
SUSE-SU-2026:22376-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...
SUSE-SU-2026:22193-1 Security update for mcphost
This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...
SUSE-SU-2026:22159-1 Security update for distribution
This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...
Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
...
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...
CVE-2026-39830
CVE-2026-39830 describes a vulnerability in golang.org/x/crypto/ssh where a malicious SSH peer can send unsolicited global request responses to fill an internal buffer, causing the connection read loop to block. The blocked goroutine cannot be released by Close(), leading to a per-connection reso...
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...
GO-2026-5017 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...
Regular Expression Denial Of Service (ReDoS)
copyparty is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to allowing arbitrary RegEx inputs in the filter parameter of the "Recent Uploads" page, which allows an attacker to craft a malicious regex that deadlocks the server...
copyparty allows Regex Denial of Service (ReDoS) in the upload listing
Summary The filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. PoC https://127.0.0.1:3923/?ru&filter=.++x Impact The server becomes fully inaccessible for a long time...
GHSA-5662-2RJ7-F2V6 copyparty allows Regex Denial of Service (ReDoS) in the upload listing
Summary The filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. PoC https://127.0.0.1:3923/?ru&filter=.++x Impact The server becomes fully inaccessible for a long time...
CVE-2025-54796
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...
CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...
RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: Cross-site session transfer vulnerability CVE-2017-6807 - The amreadpostdata function in...
CVE-2016-2146
The amreadpostdata function in modauthmellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service worker process crash, web server deadlock, or memory consumption via a large amount of POST data...