60 matches found

Tenable Nessus
added 2026/06/22 12:0 a.m. | 5 views

Amazon Linux 2 : golang, --advisory ALAS2-2026-3383 (ALAS-2026-3383)

The version of golang installed on the remote host is prior to 1.25.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3383 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...

CVSS 7.5 | AI score 6.1 | EPSS 0.00763
Exploits: 0 | References: 8

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux - Vulnerability in Golang-1.19

The go command may generate unexpected code during build time when using cgo. This can lead to unexpected behavior when running a Go program that uses cgo. This issue may occur when running a trusted module that contains directories with newline characters in their names. Modules retrieved using...

CVSS 9.8 | AI score 6.7 | EPSS 0.01708
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Golang-1.19

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

CVSS 9.8 | AI score 6.7 | EPSS 0.01548
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux - Vulnerability in Golang-1.19

Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/TLS clients, as well as servers that have Config.ClientAuth set to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default...

CVSS 5.9 | AI score 6.7 | EPSS 0.00667
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux - Vulnerability in Golang-1.19

On Unix platforms, the Go runtime behaves differently when a binary is run with the setuid/setgid bits enabled. This can be dangerous in certain situations, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standa...

CVSS 7.8 | AI score 6.6 | EPSS 0.00432
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux - Vulnerability in Golang-1.19

Using Parse with a build tag line like "// +build" and deeply nested expressions can lead to a panic due to stack exhaustion...

CVSS 7.5 | AI score 6.8 | EPSS 0.01046
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

Due to the use of a variable time instruction in the assembly implementation of an internal function, a small number of bits from secret scalars are leaked on the ppc64le architecture. Given the way this function is used, we believe that this leakage is not sufficient to allow recovery of the...

CVSS 4 | AI score 6.4 | EPSS 0.00272
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Golang-1.19, Golang-1.23

The matching of hosts against proxy patterns may improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to “.example.com”, a request to “::1%25.example.com:80” will be incorrectly matched and not be proxied...

CVSS 4.4 | AI score 6.6 | EPSS 0.00384
Exploits: 2 | References: 2

OSV
added 2026/06/17 4:4 p.m. | 0 views

ROOT-OS-DEBIAN-13-CVE-2025-61732 CVE-2025-61732 in rootio-golang-1.24 - Patched by Root

Root has patched CVE-2025-61732 in the rootio-golang-1.24 package for Root:Debian:13. Multiple fixed versions available...

CVSS 8.6 | AI score 5.9 | EPSS 0.00472
Exploits: 0

OSV
added 2026/06/17 4:4 p.m. | 4 views

ROOT-OS-DEBIAN-13-CVE-2025-58189 CVE-2025-58189 in rootio-golang-1.24 - Patched by Root

Root has patched CVE-2025-58189 in the rootio-golang-1.24 package for Root:Debian:13. Multiple fixed versions available...

CVSS 5.3 | AI score 7.6 | EPSS 0.00443
Exploits: 0

RedHat Linux
added 2026/06/04 12:39 p.m. | 16 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: golang1.25: golang1.25-1.25.11-2.hum1 aarch64, x86_64 golang1.25-bin-1.25.11-2.hum1 aarch64, x86_64 golang1.25-docs-1.25.11-2.hum1 noarch golang1.25-misc-1.25.11-2.hum1 noarch...

CVSS 10 | AI score 5.5 | EPSS 0.00813
Exploits: 0 | References: 16

Tenable Nessus
added 2026/05/15 12:0 a.m. | 23 views

Golang 1.25.x < 1.25.10 / 1.26.x < 1.26.3 Multiple Vulnerabilities

The version of Golang running on the remote host is 1.25.x prior to 1.25.10, or 1.26.x prior to 1.26.3. It is, therefore, affected by multiple vulnerabilities, including: - The net package's LookupCNAME function could trigger a double-free crash when using the cgo DNS resolver with very long CNAM...

CVSS 7.5 | AI score 6 | EPSS 0.00813
Exploits: 0 | References: 11

OSV
added 2026/05/06 9:14 a.m. | 13 views

CLSA-2026-1772575666 containernetworking-plugins: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory...

CVSS 10 | AI score 7.1 | EPSS 0.01945
Exploits: 3 | References: 1

Tenable Nessus
added 2026/03/19 12:0 a.m. | 12 views

Amazon Linux 2 : golang, --advisory ALAS2-2026-3203 (ALAS-2026-3203)

The version of golang installed on the remote host is prior to 1.25.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3203 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix...

CVSS 7.5 | AI score 7.5 | EPSS 0.00728
Exploits: 0 | References: 8

OSV
added 2026/03/12 6:41 p.m. | 11 views

CLSA-2026-1773309522 osbuild-composer: Fix of 4 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs - CVE-2025-61728: reduce CPU usage in index construction - CVE-2025-61726: limit...

CVSS 10 | AI score 7.1 | EPSS 0.01945
Exploits: 4 | References: 1

OSV
added 2026/03/06 10:16 p.m. | 4 views

AZL-79628 CVE-2026-27137 affecting package golang 1.26.0-1

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

CVSS 7.5 | AI score 7.3 | EPSS 0.00606
Exploits: 0 | References: 1

Oracle linux
added 2026/02/25 12:0 a.m. | 8 views

runc security update

4:1.4.0-2 - Rebuild for new golang to address CVE-2025-68121 - Resolves: RHEL-149630...

CVSS 10 | AI score 5.5 | EPSS 0.01945
Exploits: 3

Tenable Nessus
added 2026/02/19 12:0 a.m. | 6 views

Amazon Linux 2 : golang, --advisory ALAS2-2026-3172 (ALAS-2026-3172)

The version of golang installed on the remote host is prior to 1.24.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3172 advisory. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-617...

CVSS 8.6 | AI score 7.2 | EPSS 0.00472
Exploits: 0 | References: 4

Tenable Nessus
added 2026/02/05 12:0 a.m. | 7 views

Amazon Linux 2 : golang, --advisory ALAS2-2026-3136 (ALAS-2026-3136)

The version of golang installed on the remote host is prior to 1.24.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3136 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...

CVSS 10 | AI score 8.4 | EPSS 0.01945
Exploits: 2 | References: 14

CBLMariner
added 2026/01/29 6:36 p.m. | 8 views

CVE-2025-61726 affecting package golang for versions less than 1.25.6-1

CVE-2025-61726 affecting package golang for versions less than 1.25.6-1. A patched version of the package is available...

CVSS 7.5 | AI score 8.2 | EPSS 0.01945
Exploits: 0