286 matches found

CNVD
added 2021/05/28 12:0 a.m. · 5 views

Google Go has an unspecified vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Go versions prior to 1.15.12 and 1.16.x prior to 1.16.4, which can be exploited by remote attackers to cause a denial of service by sending a...

5.9 CVSS · 6.9 AI score · 0.03692 EPSS
Exploits 0 · References 1
OpenVAS
added 2021/03/14 12:0 a.m. · 46 views

Debian: Security Advisory (DLA-2591-1)

The remote host is missing an update for the Debian...

9.8 CVSS · 7.6 AI score · 0.66252 EPSS
Exploits 2 · References 4
OpenVAS
added 2021/03/14 12:0 a.m. · 31 views

Debian: Security Advisory (DLA-2592-1)

The remote host is missing an update for the Debian...

9.8 CVSS · 7.6 AI score · 0.66252 EPSS
Exploits 2 · References 4
CNVD
added 2021/03/11 12:0 a.m. · 8 views

Go Denial of Service Vulnerability (CNVD-2021-19693)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. The archive/zip in Go is not working when attempting to use Reader.zip on zip archive files with filenames starting with . / begins with a ZIP archive file using the Reader.Open A...

5.5 CVSS · 6.4 AI score · 0.01517 EPSS
Exploits 0 · References 1
Debian CVE
added 2021/03/10 11:54 p.m. · 37 views

CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

7.5 CVSS · 7.7 AI score · 0.02543 EPSS
Exploits 0
Ubuntu
added 2021/03/08 7:10 p.m. · 118 views

USN-4758-1: Go vulnerability

It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting (XSS) attacks...

6.1 CVSS · 6.7 AI score · 0.03646 EPSS
Exploits 2
BDU FSTEC
added 2021/03/03 12:0 a.m. · 3 views

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the “go get” command in the Go programming language is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.6 CVSS · 7.7 AI score · 0.06497 EPSS
Exploits 0 · References 6 · Affected Software 2
UbuntuCve
added 2021/01/26 6:16 p.m. · 40 views

CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)...

7.5 CVSS · 7.8 AI score · 0.06497 EPSS
Exploits 0 · References 1
AlpineLinux
added 2021/01/26 2:14 a.m. · 44 views

CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)...

7.5 CVSS · 8.3 AI score · 0.06497 EPSS
Exploits 0
RedHat Linux
added 2021/01/14 1:40 p.m. · 5 views

golang: malicious symbol names can lead to code execution at build time

An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...

7.5 CVSS · 7.6 AI score · 0.02244 EPSS
Exploits 0 · References 5
OSV
added 2021/01/02 6:15 a.m. · 30 views

CVE-2020-28852

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

7.5 CVSS · 7 AI score
Exploits 0 · References 2
RedHat Linux
added 2020/11/24 11:57 a.m. · 11 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9 CVSS · 7.3 AI score · 0.02893 EPSS
Exploits 0 · References 5
Fedora
added 2020/11/23 1:8 a.m. · 42 views

[SECURITY] Fedora 33 Update: golang-1.15.5-1.fc33

The Go Programming Language...

7.5 CVSS · 7 AI score · 0.03813 EPSS
Exploits 0
UbuntuCve
added 2020/11/18 5:15 p.m. · 42 views

CVE-2020-28362

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service...

7.5 CVSS · 6.8 AI score · 0.03813 EPSS
Exploits 0 · References 2
AlmaLinux
added 2020/11/03 12:32 p.m. · 24 views

go-toolset:rhel8 bug fix and enhancement update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

2.1 AI score
Exploits 0
OpenVAS
added 2020/09/26 12:0 a.m. · 24 views

Fedora: Security Advisory for golang (FEDORA-2020-741cfa13d0)

The remote host is missing an update for the...

6.1 CVSS · 6.6 AI score · 0.03646 EPSS
Exploits 2 · References 2
OSV
added 2020/09/11 4:23 a.m. · 7 views

OPENSUSE-SU-2020:1407-1 Security update for go1.14

This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.14.6 released 2020-07-16 includes fixes to the go command, the compiler, the linker, vet,...

7.5 CVSS · 6.5 AI score · 0.0473 EPSS
Exploits 0 · References 11
OpenVAS
added 2020/09/08 12:0 a.m. · 25 views

Fedora: Security Advisory for golang (FEDORA-2020-a55f130272)

The remote host is missing an update for the...

7.5 CVSS · 7.1 AI score · 0.0473 EPSS
Exploits 0 · References 2
UbuntuCve
added 2020/08/06 6:15 p.m. · 35 views

CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

7.5 CVSS · 6.8 AI score · 0.0473 EPSS
Exploits 0 · References 5
Positive Technologies
added 2020/06/17 12:0 a.m. · 11 views

PT-2020-13859 · Go +6 · X/Text +6

Name of the Vulnerable Software and Affected Versions: x/text package versions prior to 0.3.3 Description: The issue is related to the UTF-16 decoder in the encoding/unicode component, which could enter an infinite loop if a single byte is provided to a UTF16 decoder instantiated with UseBOM or...

7.5 CVSS · 6.5 AI score · 0.0473 EPSS
Exploits 3 · References 90