Lucene search
+L

316 matches found

CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which can be triggered by carefully crafted inputs, leading to excessive CPU consumption and memory...

7.5CVSS5.8AI score0.00784EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from a flaw in the verification module’s checksum. Malicious modules can bypass the...

7.5CVSS6AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of cleanup of output file names. When extracting malicious archive files, t...

5.9CVSS5.8AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where the listening address is bound to 0.0.0.0, allowing malicious parties on the same network to...

8.8CVSS6.2AI score0.00223EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.12.58 (RHSA-2024:3351)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3351 advisory. - jose-go: improper handling of highly compressed data CVE-2024-28180 Note that Nessus has not tested for this issue but has instead relied...

4.3CVSS6.6AI score0.01956EPSS
Exploits0References5
Redos
Redos
added 2026/04/30 12:0 a.m.9 views

ROS-20260430-73-0011

Vulnerability in golang related to incorrect reference definition before accessing a file. Exploitation of the vulnerability may allow an attacker to escalate his privileges...

6.4CVSS5.2AI score0.00292EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 9:25 p.m.11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in google.golang.org/grpc-v1.62.0

Summary IBM Watson Discovery Cartridge affected by vulnerability in google.golang.org/grpc-v1.62.0 Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS7.6AI score0.01557EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/20 8:4 p.m.14 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.10 views

CVE-2026-27144 vulnerabilities

Vulnerabilities for packages: snyk-cli, harbor, nats-top, datadog-agent, kubernetes, cert-manager, container-object-storage-interface, kyverno, vault-env, regclient, mattermost, go, gofumpt, envoy-gateway, tailscale, xcover, influx, falco-no-driver, prometheus-operator, redpanda, rancher-agent,...

7.1CVSS7AI score0.00261EPSS
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.20 views

Important: cri-tools

Issue Overview: The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack. CVE-2026-32285 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3...

9.1CVSS5.9AI score0.01557EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.23 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-094 (ALASNITRO-ENCLAVES-2026-094)

"The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-094 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

9.1CVSS7.1AI score0.01557EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2026/04/13 4:31 p.m.3 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS5.9AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 4:21 p.m.2 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS7.2AI score0.00532EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.7 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1548)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1548 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/07 10:53 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview std/archive/tar is a Go standard library package std/archive/tar Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted...

6.9CVSS5.8AI score0.0029EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 10:53 p.m.4 views

GO-2026-4947 Unexpected work during chain building in crypto/x509

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 10:53 p.m.6 views

GO-2026-4871 Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

9CVSS6.4AI score0.00658EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 6:42 p.m.7 views

GO-2026-4888 Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet

Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 8:33 p.m.5 views

GO-2026-4836 NATS has MQTT plaintext password disclosure in github.com/nats-io/nats-server

NATS has MQTT plaintext password disclosure in github.com/nats-io/nats-server...

8.6CVSS5.9AI score0.00365EPSS
Exploits0References3
OSV
OSV
added 2026/03/23 6:14 p.m.3 views

GO-2026-4740 Denial of service in github.com/shamaton/msgpack

Denial of service in github.com/shamaton/msgpack...

7.5CVSS5.8AI score0.00405EPSS
Exploits1References4
Rows per page
Query Builder