
241 matches found

Cvelist
added 2023/06/06 6:15 p.m. | 32 views

CVE-2023-33959 Verification bypass can cause users into verifying the wrong artifact

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

8.3 CVSS | 8.7 AI score | 0.00354 EPSS
Exploits 0 | References 1
OSV
added 2023/02/28 6:15 p.m. | 9 views

AZL-47227 CVE-2022-41722 affecting package golang for versions less than 1.22.7-2

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...

7.5 CVSS | 6.9 AI score | 0.01678 EPSS
Exploits 0 | References 1
OpenVAS
added 2023/02/24 12:0 a.m. | 20 views

Fedora: Security Advisory for golang-oras-1 (FEDORA-2023-c9b2182a4e)

The remote host is missing an update for the...

7.5 CVSS | 8.7 AI score | 0.05623 EPSS
Exploits 0 | References 2
OpenVAS
added 2023/02/24 12:0 a.m. | 29 views

Fedora: Security Advisory for golang-oras-2 (FEDORA-2023-c9b2182a4e)

The remote host is missing an update for the...

7.5 CVSS | 8.7 AI score | 0.00818 EPSS
Exploits 0 | References 2
Fedora
added 2023/02/23 1:26 a.m. | 37 views

[SECURITY] Fedora 36 Update: golang-oras-1-1.2.1-1.fc36

ORAS Go library...

9.3 CVSS | 8.1 AI score | 0.05623 EPSS
Exploits 1
Fedora
added 2023/02/23 12:45 a.m. | 35 views

[SECURITY] Fedora 38 Update: golang-oras-1-1.2.1-1.fc38

ORAS Go library...

9.3 CVSS | 8.1 AI score | 0.05623 EPSS
Exploits 1
OpenVAS
added 2023/02/23 12:0 a.m. | 23 views

Fedora: Security Advisory for golang-oras-1 (FEDORA-2023-4e2068ba5d)

The remote host is missing an update for the...

7.5 CVSS | 8.7 AI score | 0.00818 EPSS
Exploits 0 | References 2
OpenVAS
added 2023/02/23 12:0 a.m. | 20 views

Fedora: Security Advisory for golang-oras-1 (FEDORA-2023-6550d9323b)

The remote host is missing an update for the...

7.5 CVSS | 8.7 AI score | 0.00818 EPSS
Exploits 0 | References 2
OpenVAS
added 2023/02/23 12:0 a.m. | 23 views

Fedora: Security Advisory for golang-oras-2 (FEDORA-2023-4e2068ba5d)

The remote host is missing an update for the...

7.5 CVSS | 8.7 AI score | 0.00818 EPSS
Exploits 0 | References 2
OpenVAS
added 2023/02/23 12:0 a.m. | 25 views

Fedora: Security Advisory for golang-oras-2 (FEDORA-2023-6550d9323b)

The remote host is missing an update for the...

8.7 AI score
Exploits 0 | References 2
SUSE CVE
added 2023/02/15 4:5 a.m. | 3 views

SUSE CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9 CVSS | 7.1 AI score | 0.02066 EPSS
Exploits 1 | References 3
CNNVD
added 2023/01/07 12:0 a.m. | 3 views

agnivade easy-scrypt security vulnerability

easy-scrypt is a primitive scrypt library for Go by individual developer Agniva De Sarker. A security vulnerability exists in agnivade easy-scrypt. An attacker has exploited the vulnerability to cause observable timing discrepancies...

5.3 CVSS | 5 AI score | 0.00704 EPSS
Exploits 0 | References 5
Cvelist
added 2022/11/28 12:0 a.m. | 35 views

CVE-2022-41912 crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

9.1 CVSS | 9.8 AI score | 0.02179 EPSS
Exploits 0 | References 3
Vulnrichment
added 2022/10/13 12:0 a.m. | 6 views

CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

7.5 CVSS | 7.5 AI score | 0.01063 EPSS
Exploits 0 | References 4
Snyk
added 2022/10/06 4:42 p.m. | 5 views

HTTP Request Smuggling

Overview: std/net/http/httputil is a Go standard library package. Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including...

8.7 CVSS | 8.5 AI score | 0.01094 EPSS
Exploits 1 | References 3
OSV
added 2022/09/06 6:15 p.m. | 2 views

DEBIAN-CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

7.5 CVSS | 7.1 AI score | 0.02513 EPSS
Exploits 0 | References 1
OpenVAS
added 2022/07/31 12:0 a.m. | 8 views

Fedora: Security Advisory for golang-github-cpu-goacmedns (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the...

7.5 AI score
Exploits 0 | References 2
Fedora
added 2022/07/30 1:57 a.m. | 36 views

[SECURITY] Fedora 36 Update: golang-github-j-keck-arping-1.0.2-4.fc36

Arping is a native Go library to ping a host per arp datagram, or query a host mac address...

7.3 AI score
Exploits 0
Fedora
added 2022/07/30 1:57 a.m. | 37 views

[SECURITY] Fedora 36 Update: golang-github-google-containerregistry-0.5.1-6.fc36

Go library and CLIs for working with container registries...

9.3 CVSS | 2.5 AI score | 0.05292 EPSS
Exploits 4
Fedora
added 2022/07/30 1:57 a.m. | 13 views

[SECURITY] Fedora 36 Update: golang-github-cpu-goacmedns-0.1.1-6.fc36

A Go library to handle acme-dns client communication and persistent account storage...

2.8 AI score
Exploits 0