EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2859)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2842)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which...

llvm-toolset:rhel8 bug fix and enhancement update

An update is available for module.libomp, module.llvm, clang, libomp, llvm, module.clang, module.compiler-rt, compiler-rt, python-lit, module.lld, module.lldb, module.python-lit, lldb, lld. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a...

SUSE-SU-2024:0045-1 Security update for gcc13

This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...

GHSA-2X7R-93WW-CXRQ Winter CMS Local File Inclusion through Server Side Template Injection

Impact Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. By default, only th...

Exploit for Improper Initialization in Linux Linux_Kernel

DirtyPipevirus Dirty Pipe is a kind of Linux exploit. Its C...

NewStart CGSL MAIN 6.06 : dhcp Vulnerability (NS-SA-2023-0091)

The remote NewStart CGSL host, running version MAIN 6.06, has dhcp packages installed that are affected by a vulnerability: - In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series are...

Blutter - Flutter Mobile Application Reverse Engineering Tool

Flutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime Currently the application supports only Android libapp.so arm64 only. Also the application is currently work only against recent Dart versions. For high priority missing features, see TODO Environment Setup This...

Fedora 39 : golang (2023-e57f5a2301)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e57f5a2301 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer IntSan and BoundsSanitizer BoundSan, both of which are part of...

SUSE-SU-2023:4709-1 Security update for go1.21

This update for go1.21 fixes the following issues: Update to go1.21.5: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme bsc1217834. - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 bsc1216943. - CVE-2023-39326: net/http:...

SUSE-SU-2023:4708-1 Security update for go1.20

This update for go1.20 fixes the following issues: Update to go1.20.12: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme bsc1217834. - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 bsc1216943. - CVE-2023-39326: net/http:...

Unrestricted Unwrap Fee Changes: Instability, Market Disruption, and Loss of Trust

Lines of code Vulnerability details Impact The current changeUnwrapFee function in the Ocean smart contract allows the owner to change the unwrap fee divisor with no restrictions, leading to several negative impacts: 1. Unstable Unwrap Fees: Frequent changes in the divisor can cause instability a...

Security Bulletin: IBM Cloud Pak for Data Scheduling binaries were built with a go compiler with vulnerabilities( CVE-2023-39318, CVE-2023-39319, CVE-2023-39533 )

Summary Golang compiler is used to build the binaries of IBM Cloud Pak for Data Scheduling. Vulnerability Details CVEID:CVE-2023-39318 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker...

Interface improperly implemented

Lines of code 34, 34, 34, 34, 30, 31, 32, 34, 35, 38https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audi...

Fedora 37 : golang (2023-7e185b8c12)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7e185b8c12 advisory. Includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and...

SUSE: Security Advisory (SUSE-SU-2023:4480-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2023:4480-1 Security update for gcc13

This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20-openssl (SUSE-SU-2023:4472-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4472-1 advisory. - Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing...

SUSE-RU-2023:4416-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issue: - rebuild with current go compiler...