Lucene search
K

286 matches found

OSV
OSV
added 2023/01/23 2:30 p.m.40 views

RLSA-2023:0328 Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputi...

7.5CVSS7.2AI score0.01544EPSS
Exploits1References5
Fedora
Fedora
added 2023/01/10 1:21 a.m.12 views

[SECURITY] Fedora 37 Update: golang-1.19.4-1.fc37

The Go Programming Language...

1.8AI score
Exploits0
hivepro
hivepro
added 2022/12/15 1:59 p.m.10 views

A New GoLang Botnet named GoTrim BruteForcing multiple CMS

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new GoTrim botnet has been scanning and brute-forcing on the four Content Management Systems WordPress, DataLife Engine, Joomla!, and OpenCart websites. GoTrim botnet is written in Go Programming...

1AI score
Exploits0
Cvelist
Cvelist
added 2022/11/17 12:0 a.m.38 views

CVE-2022-41920 Zip slip in Lancet

Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...

6.3CVSS8.8AI score0.00793EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/11/17 12:0 a.m.7 views

CVE-2022-41920 Zip slip in Lancet

Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...

6.3CVSS7AI score0.00793EPSS
Exploits1References4
CVE
CVE
added 2022/11/17 12:0 a.m.73 views

CVE-2022-41920

Lancet’s Go library (github.com/duke-git/lancet) contains a ZipSlip vulnerability in the fileutil UnZip path when unzipping archives. Affected versions are vulnerable; the issue is addressed with fixes in Lancet v2.1.10 and v1.3.4. Upgrading to these versions or newer is advised. No explicit work...

8.8CVSS7.2AI score0.00793EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/11/15 10:9 a.m.3 views

USN-5725-1 golang-1.13 vulnerability

Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service...

7.5CVSS6.8AI score0.0473EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2022/11/15 10:9 a.m.43 views

USN-5725-1: Go vulnerability

Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service...

7.5CVSS6.8AI score0.0473EPSS
Exploits0
Fedora
Fedora
added 2022/10/17 10:55 p.m.43 views

[SECURITY] Fedora 37 Update: golang-1.19.2-1.fc37

The Go Programming Language...

7.5CVSS8AI score0.01544EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/09/15 12:0 a.m.24 views

Fedora: Security Advisory for golang (FEDORA-2022-67ec8c61d0)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS8.1AI score0.02513EPSS
Exploits0References2
Fedora
Fedora
added 2022/09/13 1:30 a.m.43 views

[SECURITY] Fedora 36 Update: golang-1.18.6-1.fc36

The Go Programming Language...

7.5CVSS8AI score0.02513EPSS
Exploits0
NVD
NVD
added 2022/09/06 6:15 p.m.23 views

CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

7.5CVSS0.02513EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2022/09/06 6:15 p.m.124 views

CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

7.5CVSS6.8AI score0.02513EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.6 views

The vulnerability of the Go programming language’s compress/gzip package, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language’s compress/gzip package is related to unmanaged recursion. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

7.8CVSS7AI score0.01615EPSS
Exploits0References7Affected Software7
The Hacker News
The Hacker News
added 2022/09/01 12:55 p.m.27 views

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

.jpg The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control C2 infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-Ju...

2.1AI score
Exploits0
OSV
OSV
added 2022/08/10 8:15 p.m.7 views

AZL-10539 CVE-2022-32189 affecting package golang for versions less than 1.18.5-1

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

7.5CVSS6.7AI score0.0198EPSS
Exploits1References1
OSV
OSV
added 2022/08/10 8:15 p.m.7 views

AZL-79116 CVE-2022-1705 affecting package golang 1.25.7-1

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

6.5CVSS6.7AI score0.01113EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/08/01 4:7 p.m.95 views

Important: Red Hat Security Advisory: go-toolset and golang security and bug fix update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.9AI score0.05335EPSS
Exploits6References10
OSV
OSV
added 2022/08/01 8:57 a.m.36 views

RLSA-2022:5775 Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stac...

7.5CVSS8.8AI score0.01875EPSS
Exploits4References10
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.9 views

Fedora: Security Advisory for golang-github-gojuno-minimock (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Rows per page
Query Builder