176 matches found
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to " CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"
Summary IBM Maximo Application Suite uses " axios, http-proxy-middleware and net/http package " which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871". This bulletin contains information regarding the vulnerability and how to address it. Vulnerability Details...
CBL Mariner 2.0 Security Update: golang (CVE-2025-25199)
The version of golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-25199 advisory. - go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation CNG. Prior to comm...
OPENSUSE-SU-2025:15223-1 go1.23-1.23.10-1.1 on GA media
These are all security issues fixed in the go1.23-1.23.10-1.1 package on the GA media of openSUSE Tumbleweed...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when processing malformed data. An attacker can access sensitive information by submitting specially crafted malformed input that causes error messages to include confidential data in...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
TencentOS Server 3: git-lfs (TSSA-2023:0145)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0145 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
AZL-63735 CVE-2025-4673 affecting package golang for versions less than 1.23.10-1
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
[ASA-202506-4] go: multiple issues
Arch Linux Security Advisory ASA-202506-4 ========================================= Severity: Medium Date : 2025-06-07 CVE-ID : CVE-2025-4673 CVE-2025-22874 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2896 Summary ======= The package go before versio...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2025-8478)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8478 advisory. delve 1.24.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev golang 1.23.9-1 - Update to Go 1.23.9 - Resolves: RHEL-94636 go-toolset 1.23.9-1 ...
Oracle Linux 9 : golang (ELSA-2025-8476)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8476 advisory. 1.23.9-1 - Update to Go 1.23.9 - Remove runtime-usleep-s390x.patch, already merged - Resolves: RHEL-93212 Tenable has extracted the preceding description block...
CVE-2024-28232
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-35232
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
[ASA-202505-12] go: directory traversal
Arch Linux Security Advisory ASA-202505-12 ========================================== Severity: Low Date : 2025-05-19 CVE-ID : CVE-2025-22873 Package : go Type : directory traversal Remote : No Link : https://security.archlinux.org/AVG-2878 Summary ======= The package go before version 2:1.24.3-1...
Alibaba Cloud Linux 3 : 0144: grafana (ALINUX3-SA-2022:0144)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43813: Grafana is an open-source...
Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to exposure of sensitive information, SSRF and gaining elevated privileges
Summary IBM Fusion HCI and IBM Fusion user interfaces are affected by vulnerabilities in Node.js packages follow-redirects, axios, webpack, and Go package Beego. Vulnerabilities include remote authenticated exposure of sensitive information, server-side request forgery, and cross-site scripting...
OPENSUSE-SU-2025:14963-1 go1.24-1.24.2-1.1 on GA media
These are all security issues fixed in the go1.24-1.24.2-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in github.com/ornatedoctrin/layout (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9edf608032bbc84563da5c04376d6add49123c8fdba94883c239857eb45afc40 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...
Malicious code in github.com/boltdb-go/bolt (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9323424d3dfc7569b307842f79fb0c4bd960808214ec219f536fd5bb747422b2 This malicious Go package is a typosquat of the legitimate BoltDB package. It contains a backdoor that enables remote code execution...
MAL-2025-2545 Malicious code in github.com/boltdb-go/bolt (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9323424d3dfc7569b307842f79fb0c4bd960808214ec219f536fd5bb747422b2 This malicious Go package is a typosquat of the legitimate BoltDB package. It contains a backdoor that enables remote code execution...