RHEL 9 : delve and golang (RHSA-2025:3773)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3773 advisory. The Go Programming Language. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structur...

Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive headers incorrectly sent after...

ROS-20250403-13

Vulnerability of net/http, x/net/proxy and x/net/http/httpproxy packages of Go programming language is related to incorrect mapping of hosts to proxy server templates. Exploitation of the vulnerability could allow an intruder to affect confidentiality and availability of protected information...

ROS-20250403-04

A vulnerability in the Go programming language is related to improper syntax correctness checking of input. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...

CVE-2025-29923

go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...

golang bug fix update

An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Bug Fixes:...

Linux Distros Unpatched Vulnerability : CVE-2020-29511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allow...

Linux Distros Unpatched Vulnerability : CVE-2020-14040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the...

CVE-2022-39200

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

Exploit for Path Traversal in Apache Http_Server

SSH Key and RCE PoC for CVE-2021-41773 This repository contai...

[SECURITY] Fedora 40 Update: golang-1.22.11-1.fc40

The Go Programming Language...

ROS-20250128-03

A vulnerability in the Go programming language is related to the fact that the application does not properly control the consumption of internal resources in several Parse functions. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service...

[SECURITY] Fedora 41 Update: golang-1.23.5-1.fc41

The Go Programming Language...

[SECURITY] Fedora 41 Update: golang-github-aws-sdk-2-20250103-1.fc41

AWS SDK for the Go programming language...

PT-2025-42736

Name of the Vulnerable Software and Affected Versions golang versions 1.15 golang versions 1.19 Description The net/url package does not properly validate bracketed IPv6 hostnames. This can lead to issues when parsing URLs containing IPv6 addresses enclosed in brackets. Recommendations Update to ...

[SECURITY] Fedora 41 Update: golang-github-task-3.40.1-1.fc41

A task runner / simpler Make alternative written in Go...

The vulnerability of the Curve.IsOnCurve component in the Golang programming language, which allows a malicious actor to influence the accessibility and integrity of the resource.

The vulnerability of the Curve.IsOnCurve component in the Golang programming language is related to incorrect checking of the returned value by a method or function. Exploiting this vulnerability can allow an attacker to influence the accessibility and integrity of a resource...

SUSE-SU-2024:4010-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency bsc1213933 - Other changes and issues fixed: Delete unpackaged debug files for RHEL Do not include source files in the package for RHEL 9...

ROS-20241112-03

Vulnerability of the JWE, JWS, JWT go-jose standards set implementation package for Go programming language is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service Vulnerability of...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...