Log inCVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
4 Juni 2026 om 10:41
Information published.
Normale weergave
Ontvangen β 4 Juni 2026
β
Microsoft Security
-
Microsoft Security
- CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
-
- CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak
4 Juni 2026 om 10:39
Information published.
-
- CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
4 Juni 2026 om 10:45
Information published.
-
- CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
4 Juni 2026 om 10:45
Information published.
-
- CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
4 Juni 2026 om 10:45
Information published.
-
- CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
4 Juni 2026 om 10:45
Information published.
-
- CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
4 Juni 2026 om 10:45
Information published.
-
- CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
4 Juni 2026 om 10:44
Information published.
-
- CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
4 Juni 2026 om 10:44
Information published.
-
- CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
4 Juni 2026 om 10:44
Information published.
-
- CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
4 Juni 2026 om 10:43
Information published.
-
- CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
4 Juni 2026 om 10:43
Information published.
-
- CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
4 Juni 2026 om 10:42
Information published.
-
- CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Ontvangen β 3 Juni 2026
β
Microsoft Security
-
- CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
3 Juni 2026 om 10:49
Information published.
-
- CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
3 Juni 2026 om 10:49
Information published.
-
- CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
3 Juni 2026 om 10:49
Information published.
CVE-2026-32281 Inefficient policy validation in crypto/x509
3 Juni 2026 om 10:49
Information published.
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
3 Juni 2026 om 10:48
Information published.
CVE-2026-32280 Unexpected work during chain building in crypto/x509
3 Juni 2026 om 10:48
Information published.
-
- CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
3 Juni 2026 om 10:48
Information published.
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
3 Juni 2026 om 10:48
Information published.
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
3 Juni 2026 om 10:48
Information published.
-
- CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
3 Juni 2026 om 10:48
Information published.
-
- CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
3 Juni 2026 om 10:47
Information published.
-
- CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
3 Juni 2026 om 10:47
Information published.
-
- CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
3 Juni 2026 om 10:45
Information published.
-
- CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
3 Juni 2026 om 10:45
Information published.
-
- CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
3 Juni 2026 om 10:45
Information published.
