Lucene search
+L

176 matches found

Positive Technologies
Positive Technologies
added 2023/11/21 12:0 a.m.2 views

PT-2023-36290 · Suse · Container-Suseconnect

Name of the Vulnerable Software and Affected Versions: container-suseconnect affected versions not specified Description: The issue is related to a security release in the go 1.21 package. The container-suseconnect package has been rebuilt with this security release to address the issue. There is...

7AI score
Exploits0References3
OSV
OSV
added 2023/11/18 12:30 a.m.18 views

GHSA-3F2Q-6294-FMQ5 Inefficient Regular Expression Complexity in git-urls

git-urls version 1.0.1 is vulnerable to ReDOS Regular Expression Denial of Service in Go package...

7.5CVSS5.5AI score0.0085EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/11/18 12:30 a.m.39 views

Inefficient Regular Expression Complexity in git-urls

git-urls version 1.0.1 is vulnerable to ReDOS Regular Expression Denial of Service in Go package...

7.5CVSS6.6AI score0.0085EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/11/17 12:0 a.m.410 views

CVE-2023-46402

Git-URLs 1.0.0 is vulnerable to a Regular Expression Denial of Service (ReDOS) in urls.go. Connected Fedora advisories confirm a bugfix mitigating CVE-2023-46402, e.g., updating to golang-github-chainguard-dev-git-urls 1.0.2 for Fedora 41. No additional exploit details are provided in the connect...

7.5CVSS7.4AI score0.0085EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/11/09 8:51 a.m.25 views

OPENSUSE-SU-2023:0360-1 Security update for go1.21

This update introduces go1.21, including fixes for the following issues: - go1.21.3 released 2023-10-10 includes a security fix to the net/http package. Refs boo1212475 go1.21 release tracking CVE-2023-39325 CVE-2023-44487 go63427 go63417 boo1216109 security: fix CVE-2023-39325 CVE-2023-44487...

9.8CVSS7.7AI score0.99999EPSS
Exploits19References19
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.29 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:1746)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1746 advisory. - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb duri...

7.5CVSS7.4AI score0.06497EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.5 views

PT-2023-36285 · Unknown · Cni-Plugins

Name of the Vulnerable Software and Affected Versions: cni-plugins affected versions not specified Description: The issue is related to a security release in the go 1.21 package, which is used to rebuild the cni-plugins package. Recommendations: At the moment, there is no information about a newe...

6.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/05 12:0 a.m.8 views

PT-2023-36258 · Suse · Container-Suseconnect

Name of the Vulnerable Software and Affected Versions: container-suseconnect affected versions not specified Description: The issue is related to a security release in the go 1.21 package. The update rebuilds the container-suseconnect package with this security release. No information is provided...

7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.3 views

PT-2023-36247 · Suse · Container-Suseconnect

Name of the Vulnerable Software and Affected Versions: container-suseconnect affected versions not specified Description: The issue is related to a security release in the go 1.20 package. The container-suseconnect package has been rebuilt with this security release to address the issue. There is...

7AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/08/07 5:18 a.m.169 views

CVE-2023-29409

A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying...

5.3CVSS6.2AI score0.01328EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.4 views

PT-2023-36201 · Go +1 · Go +1

Name of the Vulnerable Software and Affected Versions: kubernetes version 1.24 Description: The issue is related to a security release in the go 1.20 package, which is used by kubernetes. The package has been rebuilt with the go 1.20 security release to address the issue. Recommendations: For...

7.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.5 views

PT-2023-36204 · Cosign +1 · Cosign +1

Name of the Vulnerable Software and Affected Versions: cosign affected versions not specified Description: The issue is related to a security release in the go 1.20 package. The cosign package has been rebuilt with this security release to address the issue. No information is provided about the...

7AI score
Exploits0References3
OSV
OSV
added 2023/05/30 3:30 p.m.26 views

GHSA-MV7X-27PC-8C96 Go package pydio/cells vulnerable to authorization bypass

A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. I...

4.3CVSS4.5AI score0.00723EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.4 views

PT-2023-36181 · Go +1 · Go +1

Name of the Vulnerable Software and Affected Versions: kubernetes1.18 version 1.18 Description: The issue is related to a security release in the go 1.19 package, which is used by kubernetes1.18. The package has been rebuilt with the go 1.19 security release to address the issue. Recommendations:...

7.2AI score
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:14 p.m.21 views

Security Bulletin: IBM CICS TX Standard is vulnerable to a denial of service, caused by improper logic in the Yaml Go package decode.go function.

Summary IBM CICS TX Standard is vulnerable to a denial of service, caused by improper logic in the Yaml Go package decode.go function. The fix removes this vulnerability from IBM CICS TX Standard. Vulnerability Details IBM X-Force ID: 221571 DESCRIPTION: Yaml Go package is vulnerable to a denial ...

6.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:4 p.m.20 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to a denial of service, caused by improper logic in the Yaml Go package decode.go function.

Summary IBM CICS TX Advanced is vulnerable to a denial of service, caused by improper logic in the Yaml Go package decode.go function. The fix removes this vulnerability from IBM CICS TX Advanced. Vulnerability Details IBM X-Force ID: 221571 DESCRIPTION: Yaml Go package is vulnerable to a denial ...

6.9AI score
Exploits0Affected Software1
Snyk
Snyk
added 2023/02/07 11:55 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found. PoC bash go install...

6.1CVSS5.3AI score0.00691EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/28 12:0 a.m.43 views

YAML Go package vulnerable to denial of service

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

5.5CVSS4.3AI score0.00415EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.5 views

noise 安全漏洞

noise is a Flynn open source Go package that implements the noise protocol framework. A security vulnerability exists in noise, which stems from a weakened cryptographic security of the Noise Protocol implementation after encrypting 2^64 messages, and a potential denial-of-service attack...

7.5CVSS7.2AI score0.00354EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.5 views

nosurf 输入验证错误漏洞

nosurf is an HTTP package for Go by Justinas Stankevičius, a personal developer. It helps you prevent cross-site request forgery attacks. A security vulnerability exists in nosurf that stems from incorrect validation of user input...

7.5CVSS7.1AI score0.00722EPSS
Exploits0References4
Rows per page
Query Builder