MiracleLinux 9 : golang-1.20.12-1.el9_3 (AXSA:2024-7583:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7583:01 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when...

TencentOS Server 3: go-toolset:rhel8 (TSSA-2024:0075)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0075 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2023-45285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using go get to fetch a module with the .git suffix may unexpectedly fallback to the insecure git:// protocol if the module is unavailable via the secure https:...

Photon OS 4.0: Go PHSA-2023-4.0-0531

An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0531. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid204491...

CVE-2023-45285 affecting package msft-golang for versions less than 1.22.3-1.

CVE-2023-45285 affecting package msft-golang for versions less than 1.22.3-1.. A patched version of the package is available...

Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).

Summary Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by a flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to directory traversal due to golang compiler ( CVE-2023-45283,CVE-2023-45284, CVE-2023-45285 )

Summary Golang compiler is used by IBM Cloud Pak for Data Scheduling to create the scheduler binaries. Vulnerability Details CVEID:CVE-2023-45283 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a ??\ prefix...

Security Bulletin: There are vulnerabilities in Golang related packages that are shipped with IBM CICS TX Advanced (CVE-2023-45285 and CVE-2023-39326).

Summary There are vulnerabilities in Golang related packages that are shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-39326 DESCRIPTION: Golang Go could allow a remote attacker to obtain...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1313)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1214)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1236)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1335)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1313)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...

Oracle Linux 9 : golang (ELSA-2024-1131)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1131 advisory. 1.20.12-1 - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326 Tenable has extracted the preceding description block directly from the Oracle Linux...

golang security update

1.20.12-1 - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326...

Moderate: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-45285 For more details about the security...

ALSA-2024:1131 Moderate: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-45285 For more details about the security...

openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:4709-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4708-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...