734 matches found
Undefined Behavior
encoding/xml in github.com/golang/go is vulnerable to undefined behavior. The vulnerability is possible because it does not correctly preserve the semantics of directives during tokenization round-trips...
SUSE SLES15 Security Update : buildah (SUSE-SU-2020:3423-1)
This update for buildah fixes the following issues: buildah was updated to v1.17.0 (bsc1165184): handle cases where other tools mount/unmount containers; overlay.MountReadOnly: support RO overlay mounts; overlay: use fusermount for rootless umounts; overlay: fix umount; switch default log level of...
Denial Of Service (DoS)
math/big in github.com/golang/go is vulnerable to denial of service. An attacker can send a divisor or modulo argument larger than 3168 bits on 32-bit architectures or 6336 bits on 64-bit architectures to a number of math/big.Int methods Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqr...
Denial Of Service (DoS)
github.com/ethereum/go-ethereum is vulnerable to denial of service (DoS). An attacker is able to crash the application by sending malicious input for block processing...
Sandbox Escape
github.com/hashicorp/nomad is vulnerable to sandbox escape. The vulnerability exists when the docker.volumes.enabled flag is not explicitly disabled or when a volume mount type is used, which subverts the default Docker file sandbox feature...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to denial of service (DoS). Incorrect use of namespaces in comparisons allows an attacker to send infinite Raft writes, triggering a namespace replication bug that leads to resource exhaustion and an application crash...
Mail.ru: Exposed Credentials May Lead to Tarantool Infrastructure Leak
Application configuration data related to the Tarantool project was leaked on github.com...
Denial Of Service (DoS)
github.com/antchfx/xmlquery is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the LoadURL function in node.go fails to properly validate the type/format of responses received from a URL before parsing them and proceeding to the next step, allowing an attacker to pass UR...
Arbitrary File Write
github.com/u-root/u-root/pkg/tarutil is vulnerable to arbitrary file write. The vulnerability exists due to the incorrect usage of filepath.Join("/", path) when performing cpio file extraction...
CVE-2020-7665
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...
Path traversal
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading and non-leading relative path traversal attacks, and to symlink-based relative and absolute path traversal attacks, in cpio file extraction...
CVE-2020-7711
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...
CVE-2020-7711
CVE-2020-7711 affects gosaml2 prior to 0.7.0 and goxmldsig prior to 1.1.1. The underlying issue is a nil-pointer dereference when validating malformed XML Digital Signatures, leading to crashes (potential DoS). Remediation per the connected documents: upgrade gosaml2 to 0.7.0+ and goxmldsig to 1....
Mail.ru: Bitbucket public repo leaking credentials from the 1C Enterprise system used by Samokat
Application configuration data related to the Samokat project was leaked on github.com...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to denial of service. An infinite read loop in ReadUvarint and ReadVarint allows an attacker to create a denial of service condition via malicious input...
Mail.ru: NPM_API_KEY Leak
Sensitive application configuration data related to samokat.ru was leaked on github.com...
CVE-2020-7667
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all...
Design/Logic Flaw
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all...