176 matches found
CVE-2021-43565
...
Photon OS 2.0: Go PHSA-2019-2.0-0175
An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0175. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid203088...
ROS-20240718-03
Vulnerability of the JWE, JWS, JWT go-jose standards set implementation package for Go programming language is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service...
Security Bulletin: A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard.
Summary A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the issues. Vulnerability Details IBM X-Force ID: 255317 DESCRIPTION: Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log write...
Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown impact and attack vector. CVSS Base...
Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote...
CVE-2024-35232
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
CVE-2024-35232
The CVE-2024-35232 issue affects github.com/huandu/facebook, a Go package for Facebook Graph API usage. The root cause is that an access_token can be exposed in error messages during HTTP request failures, enabling potential information disclosure if logs or clients capture those messages. The vu...
AZL-40480 CVE-2024-24788 affecting package golang for versions less than 1.22.3-1
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop...
CVE-2024-28232
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-28232
The CVE-2024-28232 entry concerns a username enumeration flaw in CasaOS-UserService (CasaOS Login page). The issue arises because the login responses reveal whether a username exists, enabling enumeration. It was patched in CasaOS v0.4.8, though that version had not yet been uploaded to Go's pack...
Improper Preservation of Permissions in etcd
Vulnerability type Access Controls Detail etcd creates certain directory paths etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients with restricted access permissions 700 by using the os.MkdirAll. This functio...
Important Photon OS Security Update - PHSA-2023-4.0-0531
Updates of 'go', 'vim' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2023-3.0-0702
Updates of 'go', 'vim' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2023-5.0-0176
Updates of 'go', 'vim' packages of Photon OS have been released...
GHSA-J3RQ-4XJW-XG63 Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
Impact Any CLI command issued to a Coordinator after the Manifest has been set, is susceptible to be redirected to another MarbleRun Coordinator instance, which runs the same binary, but potentially a different manifest. Patches The issue has been patched in v1.4.0 Workarounds Directly using the...
CVE-2023-49292 Possible private key restoration in go package github.com/ecies/go
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...