Lucene search
K

15 matches found

OSV
OSV
added 2021/06/23 6:2 p.m.30 views

GHSA-CJJC-XP8V-855W Helm uses crypto package vulnerable to panic from malformed X.509 certificate

The Helm core maintainers have identified a high severity security vulnerability in Go's crypto package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0. Thanks to @ravin9249 for identifying the vulnerability. Impact Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte...

7.5CVSS7.3AI score0.02582EPSS
Exploits0References16
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/09 3:10 p.m.39 views

Security Bulletin: IBM Security Guardium Insights is affected by a Go denial of service vulnerability (CVE-2020-7919)

Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic...

7.8CVSS1.9AI score0.02582EPSS
Exploits0Affected Software1
Debian
Debian
added 2021/02/08 9:24 p.m.87 views

[SECURITY] [DSA 4848-1] golang-1.11 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4848-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 08, 2021 https://www.debian.org/security/faq -...

7.8CVSS8.1AI score0.0473EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 7:10 a.m.35 views

Security Bulletin: Open Source Secuity issues fixed for NPS softlayer provisioner.

Summary Fixed OSS issus for listed CVEs. Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score: 7.5 CVSS Temporal Score:...

8.2CVSS0.8AI score0.61139EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/10 11:16 a.m.30 views

Security Bulletin: Open Source Security issues for AWS storage layer in NPS.

Summary Fixed OSS issue for listed CVEs. AWS storage later in NPS. Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score...

7.8CVSS1.4AI score0.25939EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 11:13 p.m.32 views

Security Bulletin: IBM API Connect V 2018 is impacted by a vulnerability in Go (Golang) (CVE-2020-7919)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score...

7.8CVSS1AI score0.02582EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/05/13 12:0 a.m.34 views

Photon OS 1.0: Go PHSA-2020-1.0-0292

An update of the go package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0292. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid136553;...

7.8CVSS7.5AI score0.02582EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/13 12:0 a.m.34 views

Photon OS 3.0: Go PHSA-2020-3.0-0087

An update of the go package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0087. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid136575;...

7.8CVSS7.5AI score0.02582EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/05 12:0 a.m.40 views

Photon OS 2.0: Go PHSA-2020-2.0-0238

An update of the go package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0238. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid136327;...

7.8CVSS7.5AI score0.02582EPSS
Exploits0References2
Mageia
Mageia
added 2020/04/15 10:12 a.m.41 views

Updated golang packages fix security vulnerability

Updated golang packages fix security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or other ASN.1 structure, as...

7.8CVSS7.7AI score0.02582EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/10 12:0 a.m.39 views

Fedora 31 : golang (2020-12bc5b5597)

Rebase to go1.13.9 - Security fix for CVE-2020-7919 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.8CVSS7AI score0.02582EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/04/03 8:0 p.m.24 views

CVE-2020-7919

An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or other ASN.1 structure, as either a client or server to crash vulnerable Go...

7.8CVSS3.8AI score0.02582EPSS
Exploits0References3
Wolfi
Wolfi
added 2020/03/16 9:15 p.m.24 views

CVE-2020-7919 vulnerabilities

Vulnerabilities for packages: k3d...

7.8CVSS7.5AI score0.02582EPSS
Exploits0
Chainguard
Chainguard
added 2020/03/16 9:15 p.m.22 views

CVE-2020-7919 vulnerabilities

Vulnerabilities for packages: dex-k8s-authenticator, k3d...

7.8CVSS6.8AI score0.02582EPSS
Exploits0
CVE
CVE
added 2020/03/16 8:55 p.m.423 views

CVE-2020-7919

The CVE-2020-7919 issue affects Go before 1.12.16 and Go 1.13.x before 1.13.7, including the crypto/cryptobyte package (0.0.0-20200124225646-8b5121be2f68). A malformed X.509 certificate can cause a panic in clients, enabling denial-of-service conditions. In practice, Helm advisories note Go 1.14....

7.8CVSS7.3AI score0.02582EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder