Lucene search
+L

21 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-44310

A flaw was found in Gitsign, a tool used for signing Git commits with a GitHub or OIDC OpenID Connect identity. A remote attacker could craft a specially designed signed message that contains an empty certificate set. This malformed message would cause Gitsign's verification process to silently...

6.5CVSS5AI score0.00111EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Golang-1.19

Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/TLS clients, as well as servers that have Config.ClientAuth set to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default...

5.9CVSS6.8AI score0.00667EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.19 views

SUSE CVE-2026-44310

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS5.9AI score0.00111EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 4:17 p.m.9 views

CVE-2026-44310 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS5.9AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 4:17 p.m.2 views

CVE-2026-44310 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS6AI score0.00111EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 5:37 p.m.74 views

GHSA-7C37-GX6W-8VC5 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Summary CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with an empty certificate set is a structurally valid DER payload; GetCertificates returns an empty slice with no error,...

5.4CVSS5.8AI score0.00111EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.16 views

RHCOS 4 / 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. - dnspython: denial of service in stub resolver CVE-2023-29483 - golang: net/http/cookiejar: incorrect forwarding of sensitive...

8.3CVSS5.8AI score0.02085EPSS
Exploits1References22
NVD
NVD
added 2026/04/22 9:17 p.m.15 views

CVE-2026-34067

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2...

6.5CVSS0.00318EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from a panic being triggered by HistoryTreeProof::verify in the nimiq-transaction when processing proofs with incorrect formats...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : delve-1.21.2-2.el9, golang-1.21.9-2.el9 (AXSA:2024-7759:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7759:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

7.5CVSS7.5AI score0.91969EPSS
Exploits1References8
OSV
OSV
added 2025/06/27 1:16 p.m.4 views

OESA-2025-1690 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue,...

6.5CVSS7AI score0.01165EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/09/03 11:45 a.m.5 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00667EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/09/03 9:23 a.m.11 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00667EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/09/03 8:16 a.m.11 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00667EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/06/20 12:39 p.m.6 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00667EPSS
Exploits0References11
Amazon
Amazon
added 2024/05/28 12:0 a.m.6 views

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.6AI score0.91969EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2024/03/06 4:33 a.m.4 views

SUSE CVE-2024-24783

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...

7.5CVSS7.2AI score0.00667EPSS
Exploits0References18
Snyk
Snyk
added 2024/03/05 10:14 p.m.3 views

Uncaught Exception

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify ...

8.2CVSS6.7AI score0.00667EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.5 views

Google Go Security Vulnerability

Google Go is a static strongly-typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Google Go, which stems from the fact that verifying a certificate chain containing certificates with unknown public key algorithms will result i...

5.9CVSS9AI score0.00667EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/05 12:0 a.m.18 views

PT-2024-2139 · Debian +10 · Debian +10

Name of the Vulnerable Software and Affected Versions: crypto/tls versions affected versions not specified golang affected versions not specified Description: The issue arises when verifying a certificate chain that contains a certificate with an unknown public key algorithm, causing...

9.8CVSS6.6AI score0.91969EPSS
Exploits2References354
Rows per page
Query Builder