43 matches found
Alibaba Cloud Linux 3 : 0055: go-toolset:rhel8 (ALINUX3-SA-2023:0055)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0055 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-29402: The go command may generat...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF026 and 23.0.1-IF004. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of...
Linux Distros Unpatched Vulnerability : CVE-2023-29403
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as...
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2023-29403 affecting package golang for versions less than 1.21.6-1
CVE-2023-29403 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-29403 affecting package golang for versions less than 1.21.6-1
CVE-2023-29403 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
K000138679: Golang vulnerabilities CVE-2023-24540, CVE-2023-29400, and CVE-2023-29403
Security Advisory Description CVE-2023-24540 Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-2786)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...
Oracle TimesTen 18.x < 18.1.4.39.0, 22.x < 22.1.1.18.0 Multiple Vulnerabilities (October 2023 CPU)
The version of Oracle TimesTen installed on the remote host is 18.x prior to 18.1.4.39.0 or 22.x prior to 22.1.1.18.0. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory: - Security-in-Depth issue in the TimesTen In-Memory Database product of...
CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is available...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST
Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29402 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to elevated privileges in Golang Go [CVE-2023-29403]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to elevated privileges in Golang Go, caused by a flaw when a binary is run with the setuid/setgid bits CVE-2023-29403. Golang Go is included as part of the operators used by our Speech Services. This...
Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-29400, CVE-2023-24540, CVE-2023-24539, X-Force 250518)
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a local authenticated attacker to gain elevated privileges on the system,...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2842)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2810)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to code injection and privilege escalation due to multiple vulnerabilities in Go with details below. CVE-2023-29400, CVE-2023-29402, CVE-2023-29404, CVE-2023-29403, CVE-2023-29405 The vulnerabilities...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator
Summary Multiple issues were identified in Red Hat UBI packages systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. IBM has addressed the vulnerabilities. Vulnerability Details...
Important: containerd
Issue Overview: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed...