47 matches found
Alibaba Cloud Linux 3 : 0060: go-toolset:rhel8 (ALINUX3-SA-2021:0060)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0060 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-14809: net/url in Go before 1.11....
Linux Distros Unpatched Vulnerability : CVE-2019-14809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is relat...
RHEL 7 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: arbitrary command execution via VCS path CVE-2018-7187 - golang: malformed hosts in URLs leads to...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2019-3433)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3433 advisory. - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is...
Mageia: Security Advisory (MGASA-2019-0251)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-1792)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : golang (EulerOS-SA-2021-1792)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications...
CentOS 8 : go-toolset:rhel8 (CESA-2019:3433)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3433 advisory. - golang: malformed hosts in URLs leads to authorization bypass CVE-2019-14809 Note that Nessus has not tested for this issue but has instead relied only on the...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2019-1916)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2019-2078)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2085-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Go (CVE-2019-14809)
Summary A Security Vulnerability affects IBM Cloud Private - Go Vulnerability Details CVEID: CVE-2019-14809 DESCRIPTION: Go could allow a remote attacker to bypass security restrictions, caused by improper handling of hosts in URLs. By using a specially-crafted host, an attacker could exploit thi...
RHEL 8 : go-toolset:rhel8 (RHSA-2019:3433)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3433 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: malformed hosts in...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security, bug fix, and enhancement update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Amazon Linux 2 : golang (ALAS-2019-1309)
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...
Medium: golang
Issue Overview: net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2019-2078)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-1916)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications...
openSUSE Security Update : go1.12 (openSUSE-2019-2130) (Ping Flood) (Reset Flood)
This update for go1.12 fixes the following issues : Security issues fixed : - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth bsc1146111. - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial o...
Photon OS 2.0: Go PHSA-209-2.0-0175
An update of the go package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-209-2.0-0175. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid128724;...