VYPR

rpm package

almalinux/ipp-usb

pkg:rpm/almalinux/ipp-usb

Vulnerabilities (5)

  • CVE-2026-25679HigMar 6, 2026
    affected < 0.9.27-5.el10_1.1fixed 0.9.27-5.el10_1.1

    url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

  • CVE-2025-68121CriFeb 5, 2026
    affected < 0.9.27-5.el10_1fixed 0.9.27-5.el10_1

    During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and

  • CVE-2025-61726Jan 28, 2026
    affected < 0.9.27-5.el10_1fixed 0.9.27-5.el10_1

    The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a la

  • CVE-2025-61729Dec 2, 2025
    affected < 0.9.27-4.el10_1fixed 0.9.27-4.el10_1

    Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a

  • CVE-2025-22871CriApr 8, 2025
    affected < 0.9.27-3.el10_0fixed 0.9.27-3.el10_0

    The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.