1220 matches found

RedHat Linux
added 4 days ago, 4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5, AI score 7.3, EPSS 0.00728
Exploits 0, References 8

RedHat Linux
added 4 days ago, 5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5, AI score 6.8, EPSS 0.01945
Exploits 0, References 8

RedHat Linux
added 5 days ago, 4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5, AI score 7.2, EPSS 0.00728
Exploits 0, References 8

Cvelist
added 6 days ago, 37 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

CVSS 7.5, EPSS 0.00274
Exploits 0, References 2

IBM Security Bulletins
added 2026/06/28 7:37 p.m., 7 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-2581 DESCRIPTION: This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici...

CVSS 7.5, AI score 5.6, EPSS 0.00728
Exploits 0, Affected Software 1

Tenable Nessus
added 2026/06/26 12:0 a.m., 9 views

AlmaLinux 10 : buildah (ALSA-2026:29195)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:29195 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

CVSS 7.5, AI score 7.3, EPSS 0.00728
Exploits 0, References 6

Tenable Nessus
added 2026/06/26 12:0 a.m., 8 views

RockyLinux 9 : runc (RLSA-2026:29702)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29702 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

CVSS 7.5, AI score 5.9, EPSS 0.00728
Exploits 0, References 7

RedHat Linux
added 2026/06/25 11:0 a.m., 4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5, AI score 7.4, EPSS 0.00728
Exploits 0, References 8

RedHat Linux
added 2026/06/25 10:0 a.m., 4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5, AI score 7.3, EPSS 0.00728
Exploits 0, References 8

RedHat Linux
added 2026/06/25 12:7 a.m., 7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5, AI score 5.8, EPSS 0.00728
Exploits 0, References 8

RedHat Linux
added 2026/06/25 12:7 a.m., 10 views

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.1, AI score 5.9, EPSS 0.00728
Exploits 0, References 7

Tenable Nessus
added 2026/06/25 12:0 a.m., 5 views

RHCOS 4 : OpenShift Container Platform 4.13.68 (RHSA-2026:26541)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26541 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...

CVSS 10, AI score 7.2, EPSS 0.01945
Exploits 4, References 14

RedHat Linux
added 2026/06/24 2:3 p.m., 4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5, AI score 7.4, EPSS 0.00728
Exploits 0, References 8

OSV
added 2026/06/24 12:0 a.m., 5 views

ALSA-2026:29455 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 9.1, AI score 7.2, EPSS 0.00728
Exploits 0, References 14

Tenable Nessus
added 2026/06/24 12:0 a.m., 10 views

RHEL 9 : buildah (RHSA-2026:29455)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29455 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

CVSS 9.1, AI score 7.3, EPSS 0.00728
Exploits 0, References 14

RedHat Linux
added 2026/06/22 9:1 p.m., 5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5, AI score 7.4, EPSS 0.00728
Exploits 0, References 8

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

The concurrent use of the URL parser with non-UTF-8 data is not thread-safe. This could lead to a “use-after-free” condition, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVSS 6.5, AI score 6.9, EPSS 0.00947
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in requests

Requests is an HTTP library. Due to a URL parsing issue, versions of Requests before 2.32.4 may expose .netrc credentials to third parties for specific, maliciously crafted URLs. Users should upgrade to version 2.32.4 to resolve this issue. For earlier versions of Requests, the use of the .netrc...

CVSS 5.3, AI score 6.2, EPSS 0.00846
Exploits 1, References 2

IBM Security Bulletins
added 2026/06/19 8:5 a.m., 5 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2026-27142 DESCRIPTION: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an...

CVSS 8.2, AI score 8, EPSS 0.00728
Exploits 1, Affected Software 1

RedHat Linux
added 2026/06/18 5:24 p.m., 5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVSS 7.5, AI score 7.9, EPSS 0.00728
Exploits 0, References 8