Lucene search
K

176 matches found

Microsoft CVE
Microsoft CVE
added 2024/07/23 12:0 a.m.3 views

CVE-2021-43565

...

7.5CVSS6.8AI score0.00984EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.14 views

Photon OS 2.0: Go PHSA-2019-2.0-0175

An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0175. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid203088...

9.8CVSS8.8AI score0.08359EPSS
Exploits1References2
Redos
Redos
added 2024/07/18 12:0 a.m.28 views

ROS-20240718-03

Vulnerability of the JWE, JWS, JWT go-jose standards set implementation package for Go programming language is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service...

4.3CVSS6.9AI score0.01956EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/15 2:58 p.m.7 views

Security Bulletin: A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard.

Summary A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the issues. Vulnerability Details IBM X-Force ID: 255317 DESCRIPTION: Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log write...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/28 12:45 p.m.24 views

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown impact and attack vector. CVSS Base...

5.3CVSS7.1AI score0.00817EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/28 12:45 p.m.23 views

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote...

7.5CVSS8.4AI score0.01111EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/05/24 9:15 p.m.32 views

CVE-2024-35232

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...

3.7CVSS4.1AI score0.00504EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/24 8:44 p.m.44 views

CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...

3.7CVSS4AI score0.00504EPSS
Exploits0References5
CVE
CVE
added 2024/05/24 8:44 p.m.87 views

CVE-2024-35232

The CVE-2024-35232 issue affects github.com/huandu/facebook, a Go package for Facebook Graph API usage. The root cause is that an access_token can be exposed in error messages during HTTP request failures, enabling potential information disclosure if logs or clients capture those messages. The vu...

3.7CVSS4AI score0.00504EPSS
Exploits0References5
OSV
OSV
added 2024/05/08 4:15 p.m.6 views

AZL-40480 CVE-2024-24788 affecting package golang for versions less than 1.22.3-1

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop...

5.9CVSS6.8AI score0.01001EPSS
Exploits0References1
NVD
NVD
added 2024/04/01 5:15 p.m.30 views

CVE-2024-28232

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

7.5CVSS6.2AI score0.00618EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/01 4:42 p.m.48 views

CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

6.2CVSS6.4AI score0.00618EPSS
Exploits1References2
OSV
OSV
added 2024/04/01 4:42 p.m.27 views

CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

6.2CVSS6.3AI score0.00618EPSS
Exploits1References4
CVE
CVE
added 2024/04/01 4:42 p.m.89 views

CVE-2024-28232

The CVE-2024-28232 entry concerns a username enumeration flaw in CasaOS-UserService (CasaOS Login page). The issue arises because the login responses reveal whether a username exists, enabling enumeration. It was patched in CasaOS v0.4.8, though that version had not yet been uploaded to Go's pack...

7.5CVSS6.1AI score0.00618EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/30 11:54 p.m.30 views

Improper Preservation of Permissions in etcd

Vulnerability type Access Controls Detail etcd creates certain directory paths etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients with restricted access permissions 700 by using the os.MkdirAll. This functio...

7.1CVSS6.5AI score0.00227EPSS
Exploits0References6Affected Software1
Photon
Photon
added 2023/12/22 12:0 a.m.35 views

Important Photon OS Security Update - PHSA-2023-4.0-0531

Updates of 'go', 'vim' packages of Photon OS have been released...

6.1AI score
Exploits0
Photon
Photon
added 2023/12/21 12:0 a.m.51 views

Important Photon OS Security Update - PHSA-2023-3.0-0702

Updates of 'go', 'vim' packages of Photon OS have been released...

6.1AI score
Exploits0
Photon
Photon
added 2023/12/21 12:0 a.m.44 views

Important Photon OS Security Update - PHSA-2023-5.0-0176

Updates of 'go', 'vim' packages of Photon OS have been released...

6.1AI score
Exploits0
OSV
OSV
added 2023/12/04 11:13 p.m.5 views

GHSA-J3RQ-4XJW-XG63 Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks

Impact Any CLI command issued to a Coordinator after the Manifest has been set, is susceptible to be redirected to another MarbleRun Coordinator instance, which runs the same binary, but potentially a different manifest. Patches The issue has been patched in v1.4.0 Workarounds Directly using the...

7.2AI score
Exploits0References3
Cvelist
Cvelist
added 2023/12/04 11:12 p.m.31 views

CVE-2023-49292 Possible private key restoration in go package github.com/ecies/go

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.9CVSS5.3AI score0.00335EPSS
Exploits1References4
Rows per page
Query Builder