Lucene search
K

76 matches found

bdu_fstec
bdu_fstec
added 2024/01/11 12:0 a.m.8 views

The vulnerability of the cmd-go programming language component, which allows a perpetrator to gain unauthorized access to protected information

The vulnerability of the cmd-go component in the Go programming language is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

7.8CVSS6.8AI score0.01137EPSS
Exploits0References6Affected Software2
redhatcve
redhatcve
added 2023/12/07 12:35 p.m.58 views

CVE-2023-45285

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available. Mitigation This issue only affects users who are not using the module proxy and are fetching modules directly i.e...

7.5CVSS6.7AI score0.01137EPSS
Exploits0References4
osv
osv
added 2023/11/09 8:51 a.m.25 views

OPENSUSE-SU-2023:0360-1 Security update for go1.21

This update introduces go1.21, including fixes for the following issues: - go1.21.3 released 2023-10-10 includes a security fix to the net/http package. Refs boo1212475 go1.21 release tracking CVE-2023-39325 CVE-2023-44487 go63427 go63417 boo1216109 security: fix CVE-2023-39325 CVE-2023-44487...

9.8CVSS7.7AI score0.99999EPSS
Exploits19References19
vulnrichment
vulnrichment
added 2023/09/08 4:13 p.m.19 views

CVE-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

7.1AI score0.01424EPSS
Exploits0References6
cvelist
cvelist
added 2023/09/08 4:13 p.m.29 views

CVE-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

9.8AI score0.01424EPSS
Exploits0References6
osv
osv
added 2023/09/07 4:11 p.m.53 views

GO-2023-2042 Arbitrary code execution via go.mod toolchain directive in cmd/go

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

9.8CVSS9.2AI score0.01424EPSS
Exploits0References3
nessus
nessus
added 2023/09/07 12:0 a.m.44 views

FreeBSD : go -- multiple vulnerabilities (beb36f39-4d74-11ee-985e-bff341e78d94)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the beb36f39-4d74-11ee-985e-bff341e78d94 advisory. - The Go project reports: cmd/go: go.mod toolchain directive allows arbitrary execution The...

9.8CVSS7.6AI score0.01424EPSS
Exploits0References7
freebsd
freebsd
added 2023/09/06 12:0 a.m.40 views

go -- multiple vulnerabilities

The Go project reports: cmd/go: go.mod toolchain directive allows arbitrary execution The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to...

9.8CVSS6.9AI score0.01424EPSS
Exploits0References1
nessus
nessus
added 2023/06/29 12:0 a.m.42 views

RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:3920)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3920 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: cmd/go: go...

9.8CVSS8.1AI score0.01837EPSS
Exploits0References11
nessus
nessus
added 2023/06/29 12:0 a.m.39 views

RHEL 9 : go-toolset and golang (RHSA-2023:3923)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3923 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go...

9.8CVSS8.1AI score0.01837EPSS
Exploits0References11
nessus
nessus
added 2023/06/29 12:0 a.m.32 views

RHEL 8 : go-toolset:rhel8 (RHSA-2023:3922)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3922 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: cmd/go: go...

9.8CVSS8.1AI score0.01837EPSS
Exploits0References11
nessus
nessus
added 2023/06/21 12:0 a.m.12 views

Fedora 37 : golang (2023-30f7ad4709)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-30f7ad4709 advisory. go1.19.10 released 2023-06-06 includes four security fixes to the cmd/go and runtime packages, as well as bug fixes to the compiler, the go command, and the...

5.6AI score
Exploits0References1
mscve
mscve
added 2023/06/14 12:0 a.m.4 views

CVE-2023-29404

...

9.8CVSS7.1AI score0.01837EPSS
Exploits0
freebsd
freebsd
added 2023/04/27 12:0 a.m.66 views

go -- multiple vulnerabilities

The Go project reports: crypto/tls: restrict RSA keys in certificates to = 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to = 8192...

9.8CVSS7.1AI score0.01837EPSS
Exploits0References4
amazon
amazon
added 2023/02/22 12:0 a.m.70 views

Medium: golang

Issue Overview: Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This...

9.1CVSS8.9AI score0.03015EPSS
Exploits0
nessus
nessus
added 2022/09/08 12:0 a.m.46 views

RHEL 7 / 8 : OpenShift Container Platform 4.10.25 (RHSA-2022:5729)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5729 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

9.1CVSS7.4AI score0.05416EPSS
Exploits2References11
nessus
nessus
added 2022/09/08 12:0 a.m.102 views

RHEL 8 : OpenShift Container Platform 4.11.0 (RHSA-2022:5068)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5068 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

9.1CVSS7.5AI score0.05994EPSS
Exploits2References25
nessus
nessus
added 2022/09/08 12:0 a.m.45 views

RHEL 8 : Red Hat OpenShift Service Mesh 2.1.3 (RHSA-2022:5004)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5004 advisory. Red Hat OpenShift Service Mesh is a Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise...

10CVSS7.6AI score0.03015EPSS
Exploits1References22
osv
osv
added 2022/08/02 3:44 p.m.38 views

GO-2022-0190 Directory traversal via "go get" command in cmd/go

The "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly brace both '' and '' characters. Specifically, it is only vulnerable in GOPATH mode, but not in module mode the distinction is documented at...

8.1CVSS7.8AI score0.05039EPSS
Exploits0References4
nessus
nessus
added 2022/06/17 12:0 a.m.41 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-1890)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to...

7.5CVSS7.4AI score0.05416EPSS
Exploits1References4
Rows per page
Query Builder