32 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-24553
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Note...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2020-24553)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-24553 advisory. - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default f...
CVE-2020-24553 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2020-24553 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
BELL-CVE-2020-24553 CVE-2020-24553 does not affect BellSoft software
Bulletin has no description...
Mageia: Security Advisory (MGASA-2020-0424)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:2761-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 3.0: Go PHSA-2021-3.0-0248
An update of the go package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0248. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
CentOS 8 : go-toolset:rhel8 (CESA-2020:5493)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5493 advisory. - golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS CVE-2020-24553 - golang: math/big: panic during recursive...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-1073)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Serverless Client kn 1.12.0
Red Hat OpenShift Serverless Client kn 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the C...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS CVE-2020-24553 golang: math/big: panic during recursive division of very large numbers...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2020-2548)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2020-2512)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2020-2548)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-2512)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...
SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2020:2761-1)
This update for go1.14 fixes the following issues : go1.14.9 released 2020-09-09 includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc1164903 go1.14 release tracking - go41192 net/http/fcgi: race detected during execution of...
CVE-2020-24553 affecting package golang 1.13.15-2
CVE-2020-24553 affecting package golang 1.13.15-2. A patched version of the package is available...
Amazon Linux AMI : golang (ALAS-2020-1445)
The version of golang installed on the remote host is prior to 1.15.3-1.63. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1445 advisory. Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a...
Updated golang packages fix a security vulnerability
A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing fo...