Lucene search
K

22 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2018-7187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The go get implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for :// anywhere...

9.3CVSS8.1AI score0.63229EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.24 views

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: arbitrary command execution via VCS path CVE-2018-7187 - golang: malformed hosts in URLs leads to...

8.8CVSS8.9AI score0.66252EPSS
Exploits4References10
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2018:4297-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.2AI score0.66252EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.33 views

openSUSE Security Update : go1.9 (openSUSE-2019-482)

This update for go1.9 fixes the following issues : Security issues fixed : - CVE-2018-7187: arbitrary command execution via VCS path boo1081495 Non-security changes : - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition...

9.3CVSS8.2AI score0.63229EPSS
Exploits1References2
Debian
Debian
added 2019/02/01 2:38 p.m.198 views

[SECURITY] [DSA 4379-1] golang-1.7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4379-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq -...

9.3CVSS9AI score0.63229EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.29 views

Fedora 28 : golang (2018-fe65c14082)

Security fix for CVE-2018-7187 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

9.3CVSS7.8AI score0.63229EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/07/24 12:0 a.m.24 views

Photon OS 2.0 : go (PhotonOS-PHSA-2018-2.0-0034) (deprecated)

An update of 'go' packages of Photon OS has been released. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0034. The text itself is copyright C VMware, Inc...

9.3CVSS7.6AI score0.63229EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/06/25 12:0 a.m.30 views

openSUSE Security Update : go1.9 (openSUSE-2018-672)

This update for go1.9 fixes the following issues : Security issues fixed : - CVE-2018-7187: arbitrary command execution via VCS path boo1081495 Non-security changes : - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition...

9.3CVSS8.2AI score0.63229EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2018/06/24 12:0 a.m.28 views

openSUSE: Security Advisory for go1.9 (openSUSE-SU-2018:1811-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.8AI score0.63229EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/23 3:10 p.m.128 views

Security update for go1.9 (moderate)

This update for go1.9 fixes the following issues: Security issues fixed: - CVE-2018-7187: arbitrary command execution via VCS path boo1081495 Non-security changes: - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition...

9.3CVSS6AI score0.63229EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/23 3:9 p.m.117 views

Security update for go1.9 (moderate)

This update for go1.9 fixes the following issues: Security issues fixed: - CVE-2018-7187: arbitrary command execution via VCS path boo1081495 Non-security changes: - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition...

9.3CVSS6AI score0.63229EPSS
Exploits1References1
Mageia
Mageia
added 2018/05/16 8:24 a.m.35 views

Updated golang packages fix security vulnerability

A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

9.3CVSS7AI score0.63229EPSS
Exploits1References2
OSV
OSV
added 2018/05/16 8:24 a.m.8 views

MGASA-2018-0238 Updated golang packages fix security vulnerability

A flaw was found in Go Lang. The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

9.3CVSS8.9AI score0.63229EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2018/04/30 12:0 a.m.4 views

Google Golang Get Command Injection (CVE-2018-7187)

A command injection vulnerability exists in the golang client. This vulnerability is due to insufficient sanitization of user input by the go get command...

9.3CVSS2.6AI score0.63229EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/04/16 12:0 a.m.28 views

GLSA-201804-12 : Go: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201804-12 Go: Arbitrary code execution A vulnerability in Go was discovered which does not validate the import path of remote repositories. Impact : Remote attackers, by enticing a user to import from a crafted website, could...

9.3CVSS8.4AI score0.63229EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/03/27 12:0 a.m.34 views

Amazon Linux AMI : golang (ALAS-2018-975)

Arbitrary code execution during 'go get' via C compiler options : An arbitrary command execution flaw was found in the way Go's 'go get' command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to...

9.3CVSS8.1AI score0.63229EPSS
Exploits5References3
Amazon
Amazon
added 2018/03/21 12:0 a.m.48 views

Medium: golang

Issue Overview: Arbitrary code execution during "go get" via C compiler options: An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially u...

9.3CVSS8.1AI score0.63229EPSS
Exploits5
Debian
Debian
added 2018/02/25 3:59 p.m.28 views

[SECURITY] [DLA 1294-1] golang security update

Package : golang Version : 2:1.0.2-1.1+deb7u3 CVE ID : CVE-2018-7187 It was discovered that there was an arbitrary command execution vulnerability in the Go programming language. The "go get" implementation did not correctly validate "import path" statements for "://" which allowed remote attacke...

9.3CVSS9AI score0.63229EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2018/02/16 5:29 p.m.36 views

CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

9.3CVSS7.2AI score0.63229EPSS
Exploits1References1
OSV
OSV
added 2018/02/16 5:29 p.m.30 views

CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

8.8CVSS8.1AI score
Exploits0References6
Rows per page
Query Builder