Lucene search
+L

343 matches found

Microsoft CVE
Microsoft CVE
added 2020/11/19 8:0 a.m.2 views

Arbitrary code execution via the go command with cgo in cmd/go

...

7.5CVSS7AI score0.02369EPSS
Exploits0
NVD
NVD
added 2020/11/18 5:15 p.m.21 views

CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

7.5CVSS9.1AI score0.02369EPSS
Exploits0References6
OSV
OSV
added 2020/11/18 5:15 p.m.2 views

DEBIAN-CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

7.5CVSS8.4AI score0.02369EPSS
Exploits0References1
OSV
OSV
added 2020/11/18 5:15 p.m.7 views

AZL-38452 CVE-2020-28366 affecting package python-tensorboard for versions less than 2.16.2-1

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS7.8AI score0.02244EPSS
Exploits0References1
OSV
OSV
added 2020/11/18 5:15 p.m.3 views

DEBIAN-CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS8.4AI score0.02244EPSS
Exploits0References1
Prion
Prion
added 2020/11/18 5:15 p.m.27 views

Code injection

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

5.1CVSS7.9AI score0.02369EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2020/11/18 5:15 p.m.29 views

CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

7.5CVSS7.7AI score0.02369EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/11/18 5:15 p.m.31 views

CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS7.7AI score0.02244EPSS
Exploits0References2
Prion
Prion
added 2020/11/18 5:15 p.m.34 views

Code injection

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

5.1CVSS7.9AI score0.02244EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2020/11/18 5:15 p.m.4 views

UBUNTU-CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

7.5CVSS7.8AI score0.02369EPSS
Exploits0References3
OSV
OSV
added 2020/11/18 5:15 p.m.7 views

UBUNTU-CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS7.8AI score0.02244EPSS
Exploits0References3
CVE
CVE
added 2020/11/18 12:0 a.m.271 views

CVE-2020-28366

CVE-2020-28366 affects the Go toolchain: code injection/arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file, impacting go commands using cgo before Go 1.14.12 and Go 1.15.5. The described impact is at build time, not runtime, with a high-severity pr...

7.5CVSS8.1AI score0.02244EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2020/11/18 12:0 a.m.358 views

CVE-2020-28367

CVE-2020-28367 : Code injection in the go command with cgo allows arbitrary code execution at build time via malicious gcc flags in a #cgo directive. Affected: Go before 1.14.12 and before 1.15.5. Mitigation: upgrade to Go 1.14.12+ and 1.15.5+ (patches available per advisories).

7.5CVSS8.2AI score0.02369EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2020/11/18 12:0 a.m.36 views

CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS8.2AI score0.02244EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/11/18 12:0 a.m.30 views

CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

7.5CVSS8.3AI score0.02369EPSS
Exploits0
Cvelist
Cvelist
added 2020/11/18 12:0 a.m.30 views

CVE-2020-28366 Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

8.1AI score0.02244EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/11/18 12:0 a.m.24 views

CVE-2020-28367 Arbitrary code execution via the go command with cgo in cmd/go

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

8.1AI score0.02369EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2020/11/18 12:0 a.m.38 views

CVE-2020-28367

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a cgo directive...

7.5CVSS8.3AI score0.02369EPSS
Exploits0
CNVD
CNVD
added 2020/11/17 12:0 a.m.7 views

Google Go Cmd/go Code Execution Vulnerability

Google Go Cmd/go is a codebase that provides command support for the Go language from the U.S. company Google Google. A code execution vulnerability exists in versions prior to go 1.15.5,1 that stems from the fact that when using cgo, the go command may execute arbitrary code at build time. This...

7.5CVSS8.2AI score0.03813EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/11/13 12:0 a.m.41 views

FreeBSD : go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo (db4b2f27-252a-11eb-865c-00155d646400)

The Go project reports : A number of math/big.Int methods Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD can panic when provided crafted large inputs. For the panic to happen, the divisor or modulo argument must be larger than 3168 bits on 32-bit architectures or 63...

7.5CVSS6.9AI score0.03813EPSS
Exploits0References7
Rows per page
Query Builder