Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of restrictions on the size of PackBits compressed data. This vulnerability...

Important: Red Hat Security Advisory: Red Hat build of MicroShift 4.19.32 security update

Red Hat build of MicroShift release 4.19.32 is now available with updates to packages and images that include a security update. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises from authenticated SSH clients repeatedly opening channels that are rejecte...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from keys that accept the ConfirmBeforeUse constraint but never enforce it, resulting in...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go; this vulnerability stems from the possibility of consuming excessive CPU resources when parsing...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Astra Linux - уязвимость в golang-1.15

Avoid versions before 1.15.13 and 1.16.x, as well as those before 1.16.5, which have functions for DNS lookups that do not validate replies from DNS servers. As a result, a return value might contain an unsafe injection e.g., XSS, which does not conform to the RFC1035 format...

RHEL 10 : rhc-worker-playbook (RHSA-2026:19714)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19714 advisory. A worker for yggdrasil that receives Ansible playbooks and executes them against the local host. Security Fixes: golang:...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.64 security and extras update

Red Hat OpenShift Container Platform release 4.15.64 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a security impact of...

MiracleLinux 9 : git-lfs-3.6.1-8.el9_7.1 (AXSA:2026-580:05)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-580:05 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

Unity Linux 20.1050e / 20.1070e Security Update: golang (UTSA-2026-017392)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017392 advisory. A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of cleanup of output file names. When extracting malicious archive files, t...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from a flaw in the verification module’s checksum. Malicious modules can bypass the...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when processing SETTINGS frames. If the value of SETTINGSMAXFRAMESIZE is set to 0, the...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which can be triggered by carefully crafted inputs, leading to excessive CPU consumption and memory...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where the listening address is bound to 0.0.0.0, allowing malicious parties on the same network to...

RHCOS 4 : OpenShift Container Platform 4.12.58 (RHSA-2024:3351)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3351 advisory. - jose-go: improper handling of highly compressed data CVE-2024-28180 Note that Nessus has not tested for this issue but has instead relied...

ROS-20260430-73-0011

Vulnerability in golang related to incorrect reference definition before accessing a file. Exploitation of the vulnerability may allow an attacker to escalate his privileges...