CLSA-2026-1778109988 toolbox: Fix of 9 CVEs

Rebuild with golang = 1.22.5 to fix CVE-2022-1705, CVE-2022-41717, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-45290, CVE-2024-24785, CVE-2024-24791...

CVE-2026-39326

creationtimestamp| type| source ---|---|--- 2026-04-07 19:32:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwjfl5pyy2z 2026-04-07 19:35:24+00:00| seen| Telegram/d9ntGhgAXUNib3HVhoGCh5gTeuhEkXLp8JxGb0TRA4y7Jks 2026-04-08 09:07:42+00:00| seen|...

MiracleLinux 9 : skopeo-1.13.3-4.el9_3 (AXSA:2024-7582:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7582:01 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 Tenable has extracted the preceding description...

MiracleLinux 9 : golang-1.20.12-1.el9_3 (AXSA:2024-7583:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7583:01 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when...

MAL-2025-39326 Malicious code in winradio (npm)

The package winradio was found to contain malicious code...

K000152677: Golang net/http vulnerabilities CVE-2023-39326 and CVE-2024-24791

Security Advisory Description CVE-2023-39326 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to...

TencentOS Server 3: go-toolset:rhel8 (TSSA-2024:0075)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0075 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 1.0.5 Vulnerability Details CVEID:CVE-2023-39326 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the net/http package. By sending a specially crafted HTTP...

Linux Distros Unpatched Vulnerability : CVE-2023-39326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are i...

EulerOS 2.0 SP8 : golang (EulerOS-SA-2024-2468)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-2468)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: docker

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...

Amazon Linux 2 : nerdctl (ALAS-2024-2618)

The version of nerdctl installed on the remote host is prior to 1.7.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2618 advisory. 2024-08-28: CVE-2024-24790 was added to this advisory. A malicious HTTP sender can use chunk extensions to cause a receive...

Photon OS 4.0: Go PHSA-2023-4.0-0531

An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0531. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid204491...

EulerOS 2.0 SP8 : golang (EulerOS-SA-2024-2030)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...

Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to information disclosure and denial of service due to Go vulnerabilities CVE-2023-45287, CVE-2023-39326, and CVE-2024-24786

Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to information disclosure and denial of service due to Go vulnerabilities CVE-2023-45287, CVE-2023-39326, and CVE-2024-24786. These have been remediated. Vulnerability Details CVEID:CVE-2023-45287 DESCRIPTION: Golang Go...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)

Summary Potential Golang Go Information disclosure vulnerabilitiy.CVE-2023-39326 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-39326 DESCRIPTION: Golang Go...

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326)

Summary Potential Golang Go Information disclosure vulnerabilitiy.CVE-2023-39326 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-39326 DESCRIPTION: Golang Go...

Important: Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift

Network Observability 1.6 for Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...