Lucene search
K

11 matches found

F5 Networks
F5 Networks
added 2025/07/16 7:39 p.m.11 views

K000152608: Golang vulnerabilities CVE-2023-39320, CVE-2023-39323, CVE-2023-45289, and CVE-2024-24788

Security Advisory Description CVE-2023-39320 The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command...

9.8CVSS7.7AI score0.01762EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/18 2:18 p.m.50 views

Security Bulletin: IBM Cloud Pak for Data Scheduling contains a vulnerable yq package. [CVE-2023-39320, CVE-2023-39321 and CVE-2023-39322]

Summary Yq is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities. Vulnerability Details CVEID:CVE-2023-39320 DESCRIPTION: Golang Go could allow a remote...

9.8CVSS8.3AI score0.01424EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.34 views

openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:3701-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.01424EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/17 12:0 a.m.48 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21-openssl (SUSE-SU-2023:4469-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4469-1 advisory. - The html/template package does not properly handle HTML-like comment tokens, nor hashbang !...

9.8CVSS7.8AI score0.99999EPSS
Exploits19References33
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 1:35 p.m.33 views

Security Bulletin: Operations Dashboard is vulnerable to remote code execution due to Go

Summary Operations Dashboard is vulnerable to remote code execution due to Go CVE-2023-39320 with details below. The vulnerability has been addressed. Vulnerability Details CVEID: CVE-2023-39320 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused b...

9.8CVSS8.5AI score0.01424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/30 4:16 p.m.45 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go with details below CVE-2023-39320, CVE-2023-39321, CVE-2023-39322. The vulnerabilities have been addressed. Vulnerabili...

9.8CVSS9.3AI score0.01424EPSS
Exploits0Affected Software2
Chainguard
Chainguard
added 2023/09/08 5:15 p.m.69 views

CVE-2023-39320 vulnerabilities

Vulnerabilities for packages: metrics-server...

9.8CVSS7.4AI score0.01424EPSS
Exploits0
NVD
NVD
added 2023/09/08 5:15 p.m.22 views

CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

9.8CVSS9.6AI score0.01424EPSS
Exploits0References6
Wolfi
Wolfi
added 2023/09/08 5:15 p.m.51 views

CVE-2023-39320 vulnerabilities

Vulnerabilities for packages: metrics-server...

9.8CVSS7.7AI score0.01424EPSS
Exploits0
OSV
OSV
added 2023/09/08 5:15 p.m.4 views

BELL-CVE-2023-39320

Bulletin has no description...

9.8CVSS7AI score0.01424EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/08 4:13 p.m.29 views

CVE-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

9.8AI score0.01424EPSS
Exploits0References6
Rows per page
Query Builder