Lucene search
K

176 matches found

ibm
ibm
added 2025/08/04 7:13 a.m.13 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to " CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"

Summary IBM Maximo Application Suite uses " axios, http-proxy-middleware and net/http package " which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871". This bulletin contains information regarding the vulnerability and how to address it. Vulnerability Details...

9.1CVSS6.7AI score0.00778EPSS
Exploits1Affected Software1
nessus
nessus
added 2025/07/11 12:0 a.m.6 views

CBL Mariner 2.0 Security Update: golang (CVE-2025-25199)

The version of golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-25199 advisory. - go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation CNG. Prior to comm...

7.5CVSS5.5AI score0.0139EPSS
Exploits0References2
osv
osv
added 2025/07/03 12:0 a.m.1 views

OPENSUSE-SU-2025:15223-1 go1.23-1.23.10-1.1 on GA media

These are all security issues fixed in the go1.23-1.23.10-1.1 package on the GA media of openSUSE Tumbleweed...

6.8CVSS6.7AI score0.0056EPSS
Exploits0References2
snyk
snyk
added 2025/06/26 9:25 p.m.3 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when processing malformed data. An attacker can access sensitive information by submitting specially crafted malformed input that causes error messages to include confidential data in...

6.7CVSS6.7AI score0.00275EPSS
Exploits0References2
redhat
redhat
added 2025/06/24 12:31 p.m.10 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
nessus
nessus
added 2025/06/16 12:0 a.m.5 views

TencentOS Server 3: git-lfs (TSSA-2023:0145)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0145 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5CVSS7AI score0.05623EPSS
Exploits4References11
redhat
redhat
added 2025/06/12 6:30 a.m.2 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References8
osv
osv
added 2025/06/11 5:15 p.m.4 views

AZL-63735 CVE-2025-4673 affecting package golang for versions less than 1.23.10-1

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS6.7AI score0.0056EPSS
Exploits0References1
archlinux
archlinux
added 2025/06/07 12:0 a.m.26 views

[ASA-202506-4] go: multiple issues

Arch Linux Security Advisory ASA-202506-4 ========================================= Severity: Medium Date : 2025-06-07 CVE-ID : CVE-2025-4673 CVE-2025-22874 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2896 Summary ======= The package go before versio...

7.5CVSS6.8AI score0.0056EPSS
Exploits0References7
nessus
nessus
added 2025/06/04 12:0 a.m.7 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2025-8478)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8478 advisory. delve 1.24.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev golang 1.23.9-1 - Update to Go 1.23.9 - Resolves: RHEL-94636 go-toolset 1.23.9-1 ...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References2
nessus
nessus
added 2025/06/04 12:0 a.m.8 views

Oracle Linux 9 : golang (ELSA-2025-8476)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8476 advisory. 1.23.9-1 - Update to Go 1.23.9 - Remove runtime-usleep-s390x.patch, already merged - Resolves: RHEL-93212 Tenable has extracted the preceding description block...

9.1CVSS7.1AI score0.00778EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 10:6 a.m.7 views

CVE-2024-28232

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

7.5CVSS6.7AI score0.00618EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 7:13 a.m.6 views

CVE-2024-35232

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...

3.7CVSS4.2AI score0.00504EPSS
Exploits0References1
archlinux
archlinux
added 2025/05/19 12:0 a.m.26 views

[ASA-202505-12] go: directory traversal

Arch Linux Security Advisory ASA-202505-12 ========================================== Severity: Low Date : 2025-05-19 CVE-ID : CVE-2025-22873 Package : go Type : directory traversal Remote : No Link : https://security.archlinux.org/AVG-2878 Summary ======= The package go before version 2:1.24.3-1...

3.8CVSS6.3AI score0.00238EPSS
Exploits0References5
nessus
nessus
added 2025/05/14 12:0 a.m.10 views

Alibaba Cloud Linux 3 : 0144: grafana (ALINUX3-SA-2022:0144)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43813: Grafana is an open-source...

7.5CVSS7.1AI score0.57499EPSS
Exploits0References4
ibm
ibm
added 2025/04/15 3:24 a.m.31 views

Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to exposure of sensitive information, SSRF and gaining elevated privileges

Summary IBM Fusion HCI and IBM Fusion user interfaces are affected by vulnerabilities in Node.js packages follow-redirects, axios, webpack, and Go package Beego. Vulnerabilities include remote authenticated exposure of sensitive information, server-side request forgery, and cross-site scripting...

8.8CVSS8.4AI score0.01414EPSS
Exploits4Affected Software3
osv
osv
added 2025/04/03 12:0 a.m.5 views

OPENSUSE-SU-2025:14963-1 go1.24-1.24.2-1.1 on GA media

These are all security issues fixed in the go1.24-1.24.2-1.1 package on the GA media of openSUSE Tumbleweed...

9.1CVSS9.6AI score0.00778EPSS
Exploits0References2
ossf
ossf
added 2025/03/19 11:58 p.m.7 views

Malicious code in github.com/ornatedoctrin/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9edf608032bbc84563da5c04376d6add49123c8fdba94883c239857eb45afc40 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

6.9AI score
Exploits0References1
ossf
ossf
added 2025/03/19 11:54 p.m.7 views

Malicious code in github.com/boltdb-go/bolt (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9323424d3dfc7569b307842f79fb0c4bd960808214ec219f536fd5bb747422b2 This malicious Go package is a typosquat of the legitimate BoltDB package. It contains a backdoor that enables remote code execution...

7.6AI score
Exploits0References1
osv
osv
added 2025/03/19 11:54 p.m.4 views

MAL-2025-2545 Malicious code in github.com/boltdb-go/bolt (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9323424d3dfc7569b307842f79fb0c4bd960808214ec219f536fd5bb747422b2 This malicious Go package is a typosquat of the legitimate BoltDB package. It contains a backdoor that enables remote code execution...

7.7AI score
Exploits0References1
Rows per page
Query Builder