51 matches found
ROS-20260710-73-0031
The vulnerability of the Go programming language is related to the incorrect definition of the link before accessing a file. Exploiting this vulnerability can allow an attacker to increase their privileges...
image-builder security update
An update is available for image-builder. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A local binary for building customized OS artifacts such as VM images a...
net/textproto: golang: Golang net/textproto: Misleading error messages via input injection
A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...
quic-go 安全漏洞
Quic-go is a implementation of the QUIC protocol and RFC 9000 protocol in Go, developed by Lucas Clemente. Versions of quic-go prior to 0.59.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size constraints on the decoded trailer fields in the HTTP/3...
Important: Red Hat Security Advisory: rhc security update
An update for rhc is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
The vulnerability of the Go programming language, which comes with unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the Go programming language is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
Astra Linux – Vulnerability in Golang-1.19, Golang-1.23
Canceling a query for example, by canceling the context passed to one of the query methods during a call to the Scan method of the returned Rows can lead to unexpected results if other queries are being executed in parallel. This can cause a race condition, which may overwrite the expected result...
RHEL 9 : grafana-pcp (RHSA-2026:19351)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19351 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...
ROS-20260507-73-0012
Vulnerability in golang related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go; this vulnerability arises from parsing email addresses according to RFC 5322. Pathological inputs may...
RHCOS 4 : OpenShift Container Platform 4.8.15 (RHSA-2021:3820)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3820 advisory. - jenkins: improper permission checks allow canceling queue items and aborting builds CVE-2021-21670 - jenkins: session fixation...
RHCOS 4 : OpenShift Container Platform 4.6.6 (RHSA-2020:5159)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5159 advisory. - golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs CVE-2020-16845 Note that Nessus has not tested...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
ROS-20260430-73-0016
Vulnerability in golang related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from improper context tracking in JavaScript template literals. This can lead to content...
ROS-20260327-73-0016
Vulnerability in golang related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-1606)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.CVE-2025-58185 When Conn.Handshake fai...
AlmaLinux 9 : osbuild-composer (ALSA-2026:3753)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3753 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: archive/zip: Excessive CPU...