Уязвимости

  1. CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak

    Information published.

  2. CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

    Information published.

  3. CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

    Information published.

  4. CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

    Information published.

  5. CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

    Information published.

  6. CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

    Information published.

  7. CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

    Information published.

  8. CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

    Information published.

  9. CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

    Information published.

  10. CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

    Information published.

  11. CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

    Information published.

  12. CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

    Information published.

  13. CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

    Information published.

  14. CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

    Information published.

  15. CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

    Information published.

  16. CVE-2024-7598 Network restriction bypass via race condition during namespace termination

    Information published.

  17. CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

    Information published.

  18. CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve

    Information published.

  19. CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).

    Information published.

  20. CVE-2020-8561 Webhook redirect in kube-apiserver

    Information published.

Приглашаю на лучшие дистанционные курсы повышения квалификации, курсы профессиональной переподготовки и курсы по специальностям на проверенной образовательной платформе «Знанио».

Воспользуйтесь моим купоном «9954514» при оформлении заказа, чтобы получить скидку -50% на https://znanio.ru на все курсы и другие услуги портала.

Прогноз погоды в Анадырь
world-weather.ru