Log inCVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
3 Juni 2026 om 10:49
Information published.
Normale weergave
Ontvangen β 3 Juni 2026
β
Microsoft Security
-
Microsoft Security
- CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
-
- CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
3 Juni 2026 om 10:49
Information published.
-
- CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
3 Juni 2026 om 10:49
Information published.
CVE-2026-32281 Inefficient policy validation in crypto/x509
3 Juni 2026 om 10:49
Information published.
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
3 Juni 2026 om 10:48
Information published.
CVE-2026-32280 Unexpected work during chain building in crypto/x509
3 Juni 2026 om 10:48
Information published.
-
- CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
3 Juni 2026 om 10:48
Information published.
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
3 Juni 2026 om 10:48
Information published.
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
3 Juni 2026 om 10:48
Information published.
-
- CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
3 Juni 2026 om 10:48
Information published.
-
- CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
3 Juni 2026 om 10:47
Information published.
-
- CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
3 Juni 2026 om 10:47
Information published.
-
- CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
3 Juni 2026 om 10:45
Information published.
-
- CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
3 Juni 2026 om 10:45
Information published.
-
- CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
3 Juni 2026 om 10:45
Information published.
-
- CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
3 Juni 2026 om 10:45
Information published.
-
- CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
3 Juni 2026 om 10:45
Information published.
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
3 Juni 2026 om 10:45
Information published.
-
- CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
3 Juni 2026 om 10:44
Information published.
-
- CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
3 Juni 2026 om 10:44
Information published.
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
3 Juni 2026 om 10:44
Information published.
CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
3 Juni 2026 om 10:44
Information published.
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
3 Juni 2026 om 10:44
Information published.
-
- CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
3 Juni 2026 om 10:44
Information published.
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
3 Juni 2026 om 10:43
Information published.
-
- CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
3 Juni 2026 om 10:43
Information published.
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
3 Juni 2026 om 10:43
Information published.
-
- CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
3 Juni 2026 om 10:43
Information published.
-
- CVE-2026-40356 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
CVE-2026-40356 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
3 Juni 2026 om 10:43
Information published.
-
- CVE-2026-40355 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
CVE-2026-40355 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
3 Juni 2026 om 10:43
Information published.
