Lucene search
+L

45 matches found

OSV
OSV
added 2025/05/30 6:45 p.m.7 views

CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

6.5CVSS6.5AI score0.00429EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.7 views

go-gh 安全漏洞

go-gh is a collection of Go modules open sourced from the GitHub CLI. It is used to interact with gh and GitHub APIs from the command line. A security vulnerability exists in go-gh versions prior to 2.12.1, which stems from an attacker-controlled GitHub Enterprise Server could lead to the executi...

9.8CVSS6.8AI score0.00429EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.6 views

CVE-2024-24787

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...

6.4CVSS7.7AI score0.0076EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/05/03 2:31 p.m.43 views

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github.com/truthfulpharm/prototransfor...

7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.9 views

PT-2025-5698 · Wasmvm · Wasmvm

Name of the Vulnerable Software and Affected Versions: wasmvm versions 2.2.0 through 2.2.1 wasmvm versions 2.1.0 through 2.1.4 wasmvm versions 2.0.0 through 2.0.5 wasmvm versions prior to 1.5.8 Description: The issue can be used to crash the chain and is present on both permissioned and...

7.1AI score
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:20 p.m.48 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )

Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...

7.5CVSS6.9AI score0.04561EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2024/05/08 2:50 a.m.6 views

SUSE CVE-2024-24787

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -ltolibrary flag in a "cgo LDFLAGS" directive...

6.4CVSS8AI score0.0076EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2024/02/20 12:38 p.m.9 views

golang: cmd/go: Protocol Fallback when fetching modules

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available...

7.5CVSS7.3AI score0.01137EPSS
Exploits0References5
Fedora
Fedora
added 2024/01/18 1:26 a.m.32 views

[SECURITY] Fedora 38 Update: golang-x-mod-0.14.0-1.fc38

This packages holds packages for writing tools that work directly with Go mod ule mechanics. That is, it is for direct manipulation of Go modules themselves...

7.5CVSS8.5AI score0.93305EPSS
Exploits4
OpenVAS
OpenVAS
added 2024/01/18 12:0 a.m.34 views

Fedora: Security Advisory (FEDORA-2024-fb32950d11)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.4AI score0.93305EPSS
Exploits4References6
OSV
OSV
added 2023/12/22 11:6 a.m.5 views

OESA-2023-1935 golang security update

. Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...

7.5CVSS5.1AI score0.01208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/12/07 2:5 a.m.5 views

SUSE CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

6.5CVSS7.4AI score0.01137EPSS
Exploits0References10
OSV
OSV
added 2023/12/06 5:15 p.m.5 views

DEBIAN-CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

7.5CVSS6.8AI score0.01137EPSS
Exploits0References1
OSV
OSV
added 2023/12/06 12:0 a.m.4 views

UBUNTU-CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

7.5CVSS6.9AI score0.01137EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2023/05/15 12:0 a.m.36 views

grafana-pcp security and enhancement update

5.1.1-1 - update to 5.1.1 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 5.0.0-4 - update to 5.0.0 tagged upstream community sources, see CHANGELOG - install plugin in /usr/share and create symlink from /var...

7.5CVSS6.9AI score0.02607EPSS
Exploits0
OSV
OSV
added 2023/03/15 1:15 p.m.5 views

CVE-2022-45155

An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...

5.5CVSS5.8AI score0.00206EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.6 views

openSUSE 安全漏洞

openSUSE is a suite of Linux-based free operating systems and open source community projects from the German company SUSE. A security vulnerability exists in SUSE openSUSE Factory obs-service-gomodules versions prior to 0.6.1, which stems from a vulnerability that allows an attacker to delete fil...

5.5CVSS5.7AI score0.00206EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2023/03/10 12:0 a.m.42 views

traefik -- Use of vulnerable Go modules net/http, net/textproto

The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...

7.5CVSS8.4AI score0.01888EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/03/04 3:33 a.m.9 views

SUSE CVE-2022-45155

An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...

5.5CVSS6.8AI score0.00206EPSS
Exploits1References3
Fedora
Fedora
added 2022/07/31 1:37 a.m.15 views

[SECURITY] Fedora 36 Update: golang-x-mod-0.6.0~dev-4.20220330git9b9b3d8.fc36

This packages holds packages for writing tools that work directly with Go mod ule mechanics. That is, it is for direct manipulation of Go modules themselves...

7.4AI score
Exploits0
Rows per page
Query Builder