Lucene search
K

15 matches found

OSV
OSV
added 2026/06/05 12:4 p.m.22 views

RLSA-2026:22937 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls CVE-2025-68121...

9.1CVSS6.7AI score0.01945EPSS
Exploits2References9
RedHat Linux
RedHat Linux
added 2026/06/03 8:19 a.m.18 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

10CVSS6.9AI score0.01945EPSS
Exploits3References14
SUSE Linux
SUSE Linux
added 2026/05/27 7:58 a.m.10 views

Security update for gnutls

This update for gnutls fixes the following issues CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short ciphertexts bsc1263715. CVE-2026-33845: buffers: switch from endoffset over to fraglength...

8.8CVSS5.8AI score0.01335EPSS
Exploits1References44
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.18 views

RHEL 9 : golang (RHSA-2026:19181)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19181 advisory. The golang packages provide the Go programming language compiler. Security Fixes: crypto/x509: Incorrect enforcement of email constraints i...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.17 views

RHEL 10 : rhc-worker-playbook (RHSA-2026:10929)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:10929 advisory. A worker for yggdrasil that receives Ansible playbooks and executes them against the local host. Security Fixes: crypto/x509: Incorrect...

7.5CVSS8AI score0.00728EPSS
Exploits0References6
OSV
OSV
added 2026/03/24 8:54 a.m.4 views

SUSE-SU-2026:0993-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

7.5CVSS6.2AI score0.00728EPSS
Exploits0References12
OSV
OSV
added 2026/03/23 4:34 p.m.10 views

SUSE-SU-2026:0976-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...

7.5CVSS6.2AI score0.00728EPSS
Exploits0References12
SUSE Linux
SUSE Linux
added 2026/03/03 3:51 p.m.16 views

Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Update to version 1.24.13 jscSLE-18320, bsc1236217. Security issues fixed: CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68119: cmd/go: unexpected code execution...

9.6CVSS6.3AI score0.00765EPSS
Exploits1References16
OSV
OSV
added 2026/03/03 3:51 p.m.5 views

SUSE-SU-2026:0789-1 Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Update to version 1.24.13 jscSLE-18320, bsc1236217. Security issues fixed: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68119: cmd/go: unexpected code...

10CVSS6.4AI score0.00765EPSS
Exploits1References8
OSV
OSV
added 2026/02/13 10:8 a.m.4 views

SUSE-SU-2026:20428-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session...

10CVSS5.9AI score0.00765EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2026/02/11 8:32 a.m.5 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session tick...

9.6CVSS5.7AI score0.00765EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.5 views

SUSE CVE-2021-41581

x509constraintsparsemailbox in lib/libcrypto/x509/x509constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAINPARTMAXLEN, the buffer lacks '\0' termination...

5.5CVSS6.1AI score0.00625EPSS
Exploits1References3
Prion
Prion
added 2021/09/24 3:15 a.m.23 views

Stack overflow

x509constraintsparsemailbox in lib/libcrypto/x509/x509constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAINPARTMAXLEN, the buffer lacks '\0' termination...

4.3CVSS5.6AI score0.00625EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/09/24 12:0 a.m.4 views

LibreSSL 缓冲区错误漏洞

LibreSSL is an open source implementation of the Secure Sockets Layer SSL and Transport Layer Security TLS protocols. x509constraintsparsemailbox in lib/libcrypto/x509/x509constraints.c in LibreSSL 3.4.0 and earlier versions has a stack buffer overflow vulnerability. No detailed vulnerability...

5.5CVSS7AI score0.00625EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/09/24 12:0 a.m.11 views

PT-2021-23347 · Openssl +1 · Libressl +1

Name of the Vulnerable Software and Affected Versions: LibreSSL versions through 3.4.0 Description: The issue is related to a stack-based buffer over-read in the x509 constraints parse mailbox function in lib/libcrypto/x509/x509 constraints.c. This occurs when the input exceeds DOMAIN PART MAX LE...

9.8CVSS6.7AI score0.59501EPSS
Exploits1References20
Rows per page
Query Builder