golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

[SECURITY] Fedora 33 Update: golang-1.15.5-1.fc33

The Go Programming Language...

CVE-2020-28362

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service...

go-toolset:rhel8 bug fix and enhancement update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

Fedora: Security Advisory for golang (FEDORA-2020-741cfa13d0)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1407-1 Security update for go1.14

This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs bsc1174977. - go1.14.6 released 2020-07-16 includes fixes to the go command, the compiler, the linker, vet,...

Fedora: Security Advisory for golang (FEDORA-2020-a55f130272)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

Design/Logic Flaw

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

PT-2020-13859 · Go +6 · X/Text +6

Name of the Vulnerable Software and Affected Versions: x/text package versions prior to 0.3.3 Description: The issue is related to the UTF-16 decoder in the encoding/unicode component, which could enter an infinite loop if a single byte is provided to a UTF16 decoder instantiated with UseBOM or...

Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276)

Summary The Go programming language could allow a remote attacker to bypass security restrictions which affects the IBM Spectrum Protect Server. Vulnerability Details CVEID: CVE-2019-16276 DESCRIPTION: Golang could allow a remote attacker to bypass security restrictions, caused by improper...

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

The vulnerability of the Go programming language’s crypto/x509 package, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language’s crypto/x509 package is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

Domained - Multi Tool Subdomain Enumeration

A domain name enumeration tool The tools contained in domained requires Kali Linux preferred or Debian 7+ and Recon-ng domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots,...

[SECURITY] Fedora 31 Update: golang-1.13.9-1.fc31

The Go Programming Language...

CVE-2016-5386

An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTPPROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTPPROXY" is used by numerous web clients, including Go's net/http package,...

Agente - Distributed Simple And Robust Release Management And Monitoring System

Distributed simple and robust release management and monitoring system. This project on going work. Road map Core system First worker agent Management dashboard Jenkins vs CI tool extensions Management dashboard First master agent All relevant third-party system integrations version control, CI,...