126 matches found
EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1025)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...
CVE-2020-29511
A flaw was found in go. Encoding and decoding of XML elements could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on element integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SAML a...
DEBIAN-CVE-2020-29509
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
AZL-6448 CVE-2020-29509 affecting package golang for versions less than 1.20.10-1
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
AZL-78896 CVE-2020-29511 affecting package golang 1.25.7-1
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29510
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29510
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
AZL-6449 CVE-2020-29511 affecting package golang for versions less than 1.20.10-1
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
Code injection
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
UBUNTU-CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
Code injection
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29509
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
UBUNTU-CVE-2020-29510
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29509
CVE-2020-29509 affects the Go encoding/xml package (all versions) where tokenization round-trips do not preserve attribute namespace prefixes, enabling inputs that behave inconsistently across processing stages in affected downstream applications. Connected sources confirm the vulnerability in Go...
CVE-2020-29509
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29509
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29511
CVE-2020-29511 affects the Go standard library encoding/xml. The initial description states that all Go versions fail to preserve the semantics of element namespace prefixes during tokenization round-trips, enabling inputs that may behave inconsistently across processing stages in affected downst...
CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...