CVE-2024-44337
The CVE-2024-44337 entry affects the Go library github.com/gomarkdown/markdown. A logical flaw in the paragraph function of parser/block.go allowed a remote attacker to trigger an infinite loop, causing denial of service through hangs and resource consumption. The issue existed prior to pseudoversion v0.0.0-2024072...
CVE-2024-44337
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
CVE-2024-47877
Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...
CVE-2024-47877 Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...
Extract security vulnerability
Extract is a Go library open-sourced by codeclysm. It is used to extract archives in zip, tar.gz or tar.bz2 format. A security vulnerability exists in Extract versions prior to 4.0.0, which stems from a maliciously constructed archive file that allows an attacker to create symbolic links outside ...
Security update for buildah
This update for buildah fixes the following issues: CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction bsc1231208. CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library in cri-o nsc1231230. Pat...
GHSA-MC76-5925-C5P6 Link Following in github.com/containers/common
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
AZL-50103 CVE-2024-9341 affecting package cri-o for versions less than 1.22.3-9
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
AZL-50070 CVE-2024-9341 affecting package podman for versions less than 5.6.1-2
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
CVE-2024-9341 Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
GHSA-C77R-FH37-X2PX OPA for Windows has an SMB force-authentication vulnerability
An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...
OPA for Windows has an SMB force-authentication vulnerability
An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...
CVE-2024-8260 OPA SMB Force-Authentication
An SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...
openSUSE Security Advisory (openSUSE-SU-2024:0244-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : apptainer (openSUSE-SU-2024:0244-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0244-1 advisory. - Make sure digest values handled by the Go library github.com/opencontainers/go-digest and used throughout the Go-implemented containers...
OPENSUSE-SU-2024:0244-1 Security update for apptainer
This update for apptainer fixes the following issues: - Make sure digest values handled by the Go library github.com/opencontainers/go-digest and used throughout the Go-implemented containers ecosystem are always validated. This prevents attackers from triggering unexpected authenticated registr...
CVE-2024-40639
...
golang: archive/zip: Incorrect handling of certain ZIP files
A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes [CVE-2019-11250]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes, caused by storing credentials in the log by the client-go library (CVE-2019-11250). Kubernetes is included in the Speech utilities used by our service. This...