13757 matches found
SUSE-SU-2026:2665-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update...
CVE-2026-13426 Client4 fails to validate path parameters
The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...
RLSA-2026:29980 Moderate: golang security, bug fix, and enhancement update
The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 rhel-10.2.z JIRA:Rocky Linux-183347 For more detail...
RLSA-2026:29981 Moderate: golang security, bug fix, and enhancement update
The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 rhel-9.8.z JIRA:Rocky Linux-183350 For more details...
golang security, bug fix, and enhancement update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...
OPENSUSE-SU-2026:21072-1 Security update for trivy
This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption bsc1267268. - CVE-2026-46680:...
RockyLinux 10 : buildah (RLSA-2026:29195)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29195 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...
SUSE SLES15 Security Update : containerized-data-importer (SUSE-SU-2026:2493-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2493-1 advisory. - Security: re-vendor Go dependencies to address CVEs tracked against containerized-data-importer backport of upstream PR 4110,...
GO-2026-5763 Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority
Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority...
GO-2026-5746 Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker
Docker: PUT /containers/id/archive executes container binary on the host in github.com/docker/docker...
GO-2026-5694 Cosign's verify-blob-attestation reports false positive when payload parsing fails in github.com/sigstore/cosign
Cosign's verify-blob-attestation reports false positive when payload parsing fails in github.com/sigstore/cosign...
GO-2026-5667 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns
CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns...
GO-2026-5708 Grafana: Users can generate Service Account tokens after permissions removal in github.com/grafana/grafana
Grafana: Users can generate Service Account tokens after permissions removal in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2026-5547 in-toto-golang and in-toto-python have inconsistent negation behavior in github.com/in-toto/in-toto-golang
in-toto-golang and in-toto-python have inconsistent negation behavior in github.com/in-toto/in-toto-golang...
GO-2026-5515 Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery in github.com/dhax/go-base
Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery in github.com/dhax/go-base...
GO-2026-5568 Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman
Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman...
GO-2026-5616 S3-Proxy has Security Issues in its Resource Path Matching Implementation in github.com/oxyno-zeta/s3-proxy
S3-Proxy has Security Issues in its Resource Path Matching Implementation in github.com/oxyno-zeta/s3-proxy...
GO-2026-5552 OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering in github.com/OliveTin/OliveTin
OliveTin has Unvalidated ot-prefixed Arguments that Bypass Input Filtering in github.com/OliveTin/OliveTin...
GO-2026-5462 Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor in github.com/argoproj/argo-workflows
Argo Vulnerable to Unauthenticated Memory Exhaustion DoS in Webhook Interceptor in github.com/argoproj/argo-workflows...
GO-2026-5457 Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc...