984 matches found
GO-2022-0190 Directory traversal via "go get" command in cmd/go
The "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode; the distinction is documented at...
CVE-2022-31179 Insufficient escaping of line feeds for CMD in shescape
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on Windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by...
Fedora: Security Advisory for golang-x-perf (FEDORA-2022-5038c3236c)
The remote host is missing an update for the...
CVE-2022-31208
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...
[SECURITY] Fedora 35 Update: golang-x-perf-0-0.15.20210123gitbdcc622.fc35
This package holds the source for various tools related to performance measurement, storage, and analysis. - cmd/benchstat contains a command-line tool that computes and compares statistics about benchmarks. - cmd/benchsave contains a command-line tool for publishing benchmark results. - storag...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-1890)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to...
grub2: use-after-free in grub_cmd_chainloader()
A use-after-free vulnerability was found on grub2's chainloader command. This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-1865)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...
CVE-2022-31846
A vulnerability in livemfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...
CVE-2022-31845
A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...
Design/Logic Flaw
A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...
Information disclosure
A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...
Information disclosure
A vulnerability in livemfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...
CVE-2022-31846
WAVLINK WN535 G3 M35G3R.V5030.180927 is affected by CVE-2022-31846 in the live_mfg.shtml page. Nuclei templates document an information-disclosure vulnerability where an attacker can obtain sensitive router information by triggering the exec cmd function, potentially exposing configuration details...
CVE-2022-31308
A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...
CVE-2022-30909
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...
Stack overflow
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...