87 matches found
GHSA-H2RP-8VPX-Q9R4 cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002)
Description There have been two upstream security advisories and associated patches published under ISA-2025-001 and ISA-2025-002. ISA-2025-001 affects the IBC-Go package., where non-deterministic JSON unmarshalling of IBC Acknowledgements can result in a chain halt. ISA-2025-002 affects the Cosm...
cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002)
Description There have been two upstream security advisories and associated patches published under ISA-2025-001 and ISA-2025-002. ISA-2025-001 affects the IBC-Go package., where non-deterministic JSON unmarshalling of IBC Acknowledgements can result in a chain halt. ISA-2025-002 affects the Cosm...
SUSE-SU-2025:0429-1 Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: - Update to version 0.0.20250207T224745 2025-02-07T22:47:45Z. Refs jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-3456 CVE-2025-24786 GHSA-9r4c-jwx3-3j76 GO-2025-3457 CVE-2025-24787...
USN-7111-1: Go vulnerabilities
Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. CVE-2022-41723 Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this...
USN-7109-1: Go vulnerabilities
Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. CVE-2022-41723 Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this...
Ubuntu 22.04 LTS : Go vulnerabilities (USN-7111-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7111-1 advisory. Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service...
USN-7081-1: Go vulnerabilities
It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. CVE-2024-24791 It was discovered that the Go parser module did not...
Ubuntu 22.04 LTS : Go vulnerabilities (USN-7061-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7061-1 advisory. Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run...
Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2023-45290, CVE-2024-24783, CVE-2024-24785, CVE-2023-45289, CVE-2024-24784 & CVE-2024-24788
Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to denial of service and remote code execution due to Go vulnerabilities CVE-2023-45290, CVE-2024-24783, CVE-2024-24785, CVE-2023-45289, CVE-2024-24784 & CVE-2024-24788. These have been remediated. Vulnerability Details...
Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to information disclosure and denial of service due to Go vulnerabilities CVE-2023-45287, CVE-2023-39326, and CVE-2024-24786
Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to information disclosure and denial of service due to Go vulnerabilities CVE-2023-45287, CVE-2023-39326, and CVE-2024-24786. These have been remediated. Vulnerability Details CVEID:CVE-2023-45287 DESCRIPTION: Golang Go...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Go vulnerabilities (USN-6886-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6886-1 advisory. It was discovered that the Go net/http module did not properly handle the requests when request's headers exceed MaxHeaderBytes...
USN-6886-1 golang-1.21, golang-1.22 vulnerabilities
It was discovered that the Go net/http module did not properly handle the requests when request's headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...
USN-6574-1 Go vulnerabilities
Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,...
Security Bulletin: Operations Dashboard is vulnerable to remote code execution, privilege escalation, and denial of service due to multiple Go vulnerabilities
Summary Operations Dashboard is vulnerable to remote code execution, privilege escalation, and denial of service due to multiple Go vulnerabilities with details below CVE-2023-29405, CVE-2023-29404, CVE-2023-29402, CVE-2023-29403, CVE-2023-29400, IBM X-Force ID: 250518. The vulnerabilities have...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Go
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Go, with details below. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24536 DESCRIPTION: Golang Go is vulnerable to a denial of service,...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go vulnerabilities (USN-6038-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6038-1 advisory. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attack...
Amazon Linux 2023 : compat-golang-github-cpuguy83-md2man-2-devel, golang-github-cpuguy83-md2man, golang-github-cpuguy83-md2man-devel (ALAS2023-2023-047)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-047 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...
Security Bulletin: Operations Dashboard is vulnerable to Go vulnerabilities CVE-2021-41771 and CVE-2021-41772
Summary Operations Dashboard is vulnerable to Go vulnerabilities CVE-2021-41771 and CVE-2021-41772 with details of each below Vulnerability Details CVEID: CVE-2021-41771 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the ImportedSymbols...
Security Bulletin: Operations Dashboard is vulnerable to multiple Go vulnerabilities
Summary Operations Dashboard is vulnerable to multiple Go vulnerabilities with details of each below Vulnerability Details CVEID: CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By...
Security Bulletin: Operations Dashboard is vulnerable to Go vulnerabilities (CVE-2021-27918 and CVE-2021-27919)
Summary Operations Dashboard is vulnerable to Go vulnerabilities CVE-2021-27918 and CVE-2021-27919 with details of each below. Vulnerability Details CVEID: CVE-2021-27918 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder wi...