Lucene search
K

2020 matches found

RedHat Linux
RedHat Linux
added 2019/11/13 4:48 p.m.6 views

golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling

It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or ...

7.5CVSS7.3AI score0.05157EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/11/05 9:23 p.m.5 views

golang: malformed hosts in URLs leads to authorization bypass

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

9.8CVSS7.4AI score0.08359EPSS
Exploits1References6
CNVD
CNVD
added 2019/10/29 12:0 a.m.3 views

Apache Thrift Out-of-Bounds Read Vulnerability

Apache Thrift is an interface definition language and binary communication protocol for defining and creating services for multiple languages. Apache Thrift suffers from an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by invalidating input data to cause a panic...

7.5CVSS8.6AI score0.06793EPSS
Exploits0References1
OSV
OSV
added 2019/10/24 10:15 p.m.6 views

UBUNTU-CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

7.5CVSS6.9AI score0.04693EPSS
Exploits1References5
Prion
Prion
added 2019/10/24 10:15 p.m.29 views

Code injection

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

5CVSS7.3AI score0.04693EPSS
Exploits1References13Affected Software11
Cvelist
Cvelist
added 2019/10/24 9:7 p.m.23 views

CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

7.5AI score0.04693EPSS
Exploits1References13
BDU FSTEC
BDU FSTEC
added 2019/10/16 12:0 a.m.3 views

The vulnerability of the `net/url` function in the Go programming language allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.

The vulnerability of the net/url function in the Go programming language is related to an error in processing constructed path names in URL addresses, which leads to authentication bypass. Exploiting this vulnerability allows an attacker to compromise data integrity, gain unauthorized access to...

10CVSS7.8AI score0.08359EPSS
Exploits1References8Affected Software5
Carbon Black Blog
Carbon Black Blog
added 2019/10/09 5:0 p.m.70 views

How We Developed Our EQR Plugins

Extensible Analytics with EQR’s Lightweight, Ultra-Performance Plugin System I’ve written a few posts now on the plans and development of EQR Event Query Router, the open-source tool we built to give data scientists the ability to execute large-scale queries on real-time big data streams without...

7.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/03 10:50 p.m.27 views

Security Bulletin: IBM Cloud Private for Data is affected by a vulnerability in Go Language (CVE-2019-6486)

Summary IBM Cloud Private for Data is affected by a denial of service vulnerability in Open Source Go Language which could allow a local attacker to consume all available CPU resources. Vulnerability Details CVEID: CVE-2019-6486 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused ...

8.2CVSS0.8AI score0.04326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/03 10:50 p.m.29 views

Security Bulletin: IBM Cloud Private for Data is affected by multiple vulnerabilties in Go Language (CVE-2018-16874, CVE-2018-16873, CVE-2018-16875)

Summary IBM Cloud Private for Data is affected by multiple vulnerabilities in Open Source Go Language which could allow a remote attacker to traverse directories on the system, to execute arbitrary code on the system, or mount a denial of service attack. Vulnerability Details CVEID: CVE-2018-1687...

8.1CVSS1.4AI score0.66252EPSS
Exploits0Affected Software1
AlpineLinux
AlpineLinux
added 2019/09/30 6:40 p.m.44 views

CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling...

7.5CVSS7.8AI score0.05157EPSS
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/09/23 3:24 p.m.58 views

Building a New Language for Data Processing

Building a New Language for Data Translation In previous posts, we’ve talked about the plan for and implementation of EQR Event Query Router—a system we created to solve the problem of querying large quantities of disparate data by end-user analysts in real-time. As with any major project, we fac...

7.6AI score
Exploits0
Kitploit
Kitploit
added 2019/09/10 8:33 p.m.313 views

Botb - A Container Analysis And Exploitation Tool For Pentesters And Engineers

BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post...

8.6CVSS8.2AI score0.9857EPSS
Exploits34References9
OSV
OSV
added 2019/08/13 9:15 p.m.7 views

AZL-78948 CVE-2019-14809 affecting package golang 1.25.7-1

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

9.8CVSS7.2AI score0.08359EPSS
Exploits1References1
OSV
OSV
added 2019/08/13 9:15 p.m.2 views

UBUNTU-CVE-2019-14809

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

9.8CVSS7.3AI score0.08359EPSS
Exploits1References7
Cvelist
Cvelist
added 2019/08/13 8:54 p.m.17 views

CVE-2019-14809

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

7.5AI score0.08359EPSS
Exploits1References13
The Hacker News
The Hacker News
added 2019/07/10 2:0 p.m.1 views

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices

A new ransomware family has been found targeting Linux-based Network Attached Storage NAS devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/06/18 5:21 p.m.137 views

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.1CVSS6.7AI score0.02346EPSS
Exploits1References2
Securelist
Securelist
added 2019/05/23 10:0 a.m.3223 views

IT threat evolution Q1 2019

Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...

7.2CVSS7.8AI score0.96274EPSS
Exploits13
OSV
OSV
added 2019/05/22 5:29 p.m.3 views

DEBIAN-CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

5.9CVSS7.2AI score0.02002EPSS
Exploits2References1
Rows per page
Query Builder