12 matches found
EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1236)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1214)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1313)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...
Oracle Linux 9 : golang (ELSA-2024-1131)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1131 advisory. 1.20.12-1 - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326 Tenable has extracted the preceding description block directly from the Oracle Linux...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:0887)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0887 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4708-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4708-1 advisory. - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or...
Golang 1.20.x < 1.20.12, 1.21.x < 1.21.5 Multiple Vulnerabilities
The version of Golang running on the remote host is prior to 1.20.12 or 1.21.x prior to 1.21.5. It is, therefore, is affected by multiple vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from t...
SUSE CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
AZL-32103 CVE-2023-45285 affecting package msft-golang for versions less than 1.22.3-1.
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
AZL-37438 CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
AZL-37323 CVE-2023-45285 affecting package golang for versions less than 1.21.6-1
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
UBUNTU-CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...