27 matches found
SQL Injection
Description: A SQL Injection in rqlite store. Proof of Concept: use example code (go): package main import "io" "log" "net/http" "github.com/alexedwards/scs/rqlitestore" "github.com/alexedwards/scs/v2" "github.com/rqlite/gorqlite" var sessionManager scs.SessionManager func main // Establish connection ...
GHSA-CMGW-8VPC-RC59 Segfault on string tensors with mismatched dimensions, due to Go code
Impact: Under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc is called during garbage collection within a finalizer function. However, tensor...
CVE-2020-26521
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code)...
Asterisk 17.6.0 / 17.5.1 Denial Of Service
Asterisk crash due to INVITE flood over TCP - Fixed versions: 13.37.1, 16.14.1, 17.8.1, 18.0.1 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2020-02-asterisk-tcp-invite-crash - Asterisk Security Advisory:...
thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands
The Apache Thrift Go client library exposed the potential for command injection during code generation due to using an external formatting tool. Affected: Apache Thrift 0.9.3 and older. Fixed in Apache Thrift 0.10.0...