Lucene search
K

9 matches found

Mageia
Mageia
added 2026/02/11 5:56 p.m.13 views

Updated golang packages fix security vulnerabilities

net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...

10CVSS6.5AI score0.01945EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.7 views

Amazon Linux 2 : golang, --advisory ALAS2-2026-3136 (ALAS-2026-3136)

The version of golang installed on the remote host is prior to 1.24.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3136 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...

10CVSS8.4AI score0.01945EPSS
Exploits2References14
Amazon
Amazon
added 2026/02/05 12:0 a.m.10 views

Medium: runfinch-finch

Issue Overview: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives...

10CVSS7AI score0.01945EPSS
Exploits4
Amazon
Amazon
added 2026/02/05 12:0 a.m.7 views

Medium: nerdctl

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS7.5AI score0.01945EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2026/01/28 8:16 p.m.5 views

CVE-2025-61731

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...

7.8CVSS7.1AI score0.00532EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/01/22 12:13 p.m.4 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. CVE-2025-68119: cmd/go: unexpected code execution when invoking...

7.6CVSS6.4AI score0.01945EPSS
Exploits2References26
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.13 views

Golang 1.25.x < 1.25.6 Multiple Vulnerabilities

The version of Golang running on the remote host is 1.25.x prior to 1.25.6. It is, therefore, affected by multiple vulnerabilities as referenced in advisory. - bypass of flag sanitization can lead to arbitrary code execution. CVE-2025-61731 - unexpected code execution when invoking toolchain...

10CVSS8AI score0.01945EPSS
Exploits2References13
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2026-2489

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description A flaw exists where downloading and building modules with malicious version strings can lead to local code execution. Systems utilizing Mercurial hg are susceptible to unexpected code execution wh...

9.8CVSS7.4AI score0.00335EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.8 views

PT-2026-2482

Name of the Vulnerable Software and Affected Versions cmd/go affected versions not specified Description A malicious file created using cmd/go can result in a write operation to a file controlled by an attacker, with partial control over the file's content. The issue stems from the use of the 'cg...

7.8CVSS7AI score0.00532EPSS
Exploits0References434
Rows per page
Query Builder