EUVD-2026-31863
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...
Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities
Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the libraries versions. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a...
Astra Linux - vulnerability in thrift
In Apache Thrift versions 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when receiving invalid input data...
goshs security vulnerability
Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs 2.0.0-beta.4 to 2.0.0-beta.5 contain security vulnerabilities. These vulnerabilities stem from HTTP GET routes that involve state changes, lacking CSRF, Origin, or Referer validation. This could allow...
SUSE CVE-2026-40189
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload...
CVE-2026-35393 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory is not sanitized. This vulnerability is fixed in 2.0.0-beta.3...
CVE-2026-35393
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory is not sanitized. This vulnerability is fixed in 2.0.0-beta.3...
CLEANSTART-2026-WG18689 attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
Multiple security vulnerabilities affect the minio-client-fips package. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. See references for individual vulnerability details...
CLEANSTART-2026-AN66259 attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
Multiple security vulnerabilities affect the minio-client-fips package. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. See references for individual vulnerability details...
GO-2025-4133 Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server
Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...
EUVD-2021-1123
Malware in sbrugna...
Fedora 39 : golang-helm-3 (2023-46c95e2c57)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-46c95e2c57 advisory. Automatic update for golang-helm-3-3.11.1-1.fc39. Changelog Tue Feb 21 2023 Davide Cavalca - 3.11.1-1 - Update to 3.11.1; Fixes: RHBZ1977738,...
RHEL 8 / 9 : OpenShift Container Platform 4.12.8 (RHSA-2023:1268)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1268 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
BIT-GOLANG-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
RHCOS 4 : OpenShift Container Platform 4.12.8 (RHSA-2023:1268)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1268 advisory. - golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 - haproxy: request smuggling...
RHCOS 4 : Red Hat OpenShift Enterprise (RHSA-2023:3910)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3910 advisory. - golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 - openshift: OCP & FIPS mode...
Fedora 39 : golang-x-mod (2024-fb32950d11)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fb32950d11 advisory. Update to v0.14.0 to address CVE-2022-41717 and CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora securi...
Fedora 38 : golang-x-mod (2024-ae653fb07b)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ae653fb07b advisory. Update to v0.14.0 to address CVE-2022-41717 and CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora securi...
GLSA-202311-09 : Go: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202311-09 Go: Multiple Vulnerabilities - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource...
Fedora 39 : htmltest (2023-946dfaf17f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-946dfaf17f advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...