133 matches found

Tenable Nessus
added 2024/02/20 12:0 a.m. | 74 views

RHEL 8 : go-toolset:rhel8 (RHSA-2024:0887)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0887 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang:...

CVSS 7.5 | AI score 7.2 | EPSS 0.00123
Exploits: 0 | References: 7
Tenable Nessus
added 2023/12/21 12:0 a.m. | 32 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20-openssl (SUSE-SU-2023:4930-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4930-1 advisory. - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or...

CVSS 7.5 | AI score 7.1 | EPSS 0.00123
Exploits: 0 | References: 11
Veracode
added 2023/12/12 6:42 a.m. | 40 views

Insecure Protocol Handling

github.com/golang/go is vulnerable to Insecure Protocol Handling. The vulnerability exists in the repoRootFromVCSPaths function of vcs.go when using go get to fetch a module with the .git suffix. It may unexpectedly fallback to the insecure git:// protocol if the module is unavailable via the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00055
Exploits: 0 | References: 10 | Affected Software: 1
Tenable Nessus
added 2023/12/08 12:0 a.m. | 28 views

Golang 1.20.x < 1.20.12, 1.21.x < 1.21.5 Multiple Vulnerabilities

The version of Golang running on the remote host is prior to 1.20.12 or 1.21.x prior to 1.21.5. It is, therefore, affected by multiple vulnerabilities: - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from t...

CVSS 7.5 | AI score 7.1 | EPSS 0.00123
Exploits: 0 | References: 3
SUSE CVE
added 2023/12/07 2:5 a.m. | 2 views

SUSE CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 6.5 | AI score 7.4 | EPSS 0.00055
Exploits: 0 | References: 10
OSV
added 2023/12/06 5:15 p.m. | 25 views

CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 5
OSV
added 2023/12/06 5:15 p.m. | 2 views

AZL-37438 CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 | AI score 6.8 | EPSS 0.00055
Exploits: 0 | References: 1
Prion
added 2023/12/06 5:15 p.m. | 26 views

Code injection

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 5 | AI score 6.9 | EPSS 0.00055
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2023/12/06 4:22 p.m. | 28 views

GO-2023-2383 Command 'go get' may unexpectedly fallback to insecure git in cmd/go

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

CVSS 7.5 | AI score 7.7 | EPSS 0.00055
Exploits: 0 | References: 3
NVD
added 2023/12/05 3:15 a.m. | 12 views

CVE-2023-42579

Improper usage of insecure protocol i.e. HTTP in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middl...

CVSS 6.5 | EPSS 0.00061
Exploits: 0 | References: 1
OSV
added 2023/12/05 3:15 a.m. | 2 views

CVE-2023-42579

Improper usage of insecure protocol i.e. HTTP in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middl...

CVSS 5.3 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 1
Prion
added 2023/12/05 3:15 a.m. | 12 views

Design/Logic Flaw

Improper usage of insecure protocol i.e. HTTP in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middl...

CVSS 1.8 | AI score 7.1 | EPSS 0.00061
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/12/05 2:44 a.m. | 48 views

CVE-2023-42579

CVE-2023-42579 affects the SogouSDK used by the Chinese Samsung Keyboard on Android. The root issue is improper use of an insecure protocol (HTTP), enabling adjacent attackers to perform MITM interception of keystroke data. Affected versions are: Android 11 (before 5.3.70.1); Android 12 (before 5...

CVSS 6.5 | AI score 5.2 | EPSS 0.00061
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/12/05 12:0 a.m. | 4 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices, which stems from the improper use of an insecure protocol in the SogouSDK for Chinese Samsung...

CVSS 6.5 | AI score 5.6 | EPSS 0.00061
Exploits: 0 | References: 1
OpenVAS
added 2023/11/30 12:0 a.m. | 10 views

Ubuntu: Security Advisory (USN-6519-1)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 3
Ubuntu
added 2023/11/29 5:39 p.m. | 16 views

USN-6519-2: EC2 hibagent update

USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended...

AI score 5.3
Exploits: 0 | References: 1
Positive Technologies
added 2023/11/29 12:0 a.m. | 2 views

PT-2023-36324 · Amazon · Ec2 Hibagent

Name of the Vulnerable Software and Affected Versions: EC2 hibagent versions prior to the update that adds IMDSv2 support Description: The issue concerns the use of an insecure protocol by IMDSv1, which is no longer recommended. The EC2 hibagent package has been updated to add IMDSv2 support...

AI score 7.2
Exploits: 0 | References: 3
OSV
added 2023/11/28 6:11 p.m. | 1 views

USN-6519-1 ec2-hibinit-agent update

The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended...

AI score 5.7
Exploits: 0 | References: 2
Positive Technologies
added 2023/11/28 12:0 a.m. | 2 views

PT-2023-36323 · Amazon · Ec2 Hibagent

Name of the Vulnerable Software and Affected Versions: EC2 hibagent affected versions not specified Description: The issue concerns the use of an insecure protocol by IMDSv1, which is no longer recommended. To address this, the EC2 hibagent package has been updated to add support for IMDSv2...

AI score 6.9
Exploits: 0 | References: 3
Positive Technologies
added 2023/10/04 12:0 a.m. | 2 views

PT-2023-17096 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus affected versions not specified Description: A flaw was found in Quarkus, where Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used. This can allow attackers to access...

CVSS 7.5 | AI score 6.4 | EPSS 0.00291
Exploits: 0 | References: 17