Lucene search
K

26 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

If the PATH environment variable contains paths that are executable files rather than just directories, passing certain strings to LookPath "", ".", and ".." may cause the binaries listed in the PATH to be returned unexpectedly...

6.5CVSS6.3AI score0.00489EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2026/01/29 6:36 p.m.11 views

CVE-2025-68121 affecting package golang for versions less than 1.24.12-1

CVE-2025-68121 affecting package golang for versions less than 1.24.12-1. A patched version of the package is available...

10CVSS5.9AI score0.00765EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/01/29 6:36 p.m.8 views

CVE-2025-61726 affecting package golang for versions less than 1.25.6-1

CVE-2025-61726 affecting package golang for versions less than 1.25.6-1. A patched version of the package is available...

7.5CVSS8.2AI score0.01945EPSS
Exploits0
OSV
OSV
added 2026/01/28 8:16 p.m.5 views

AZL-75695 CVE-2025-61726 affecting package golang for versions less than 1.24.12-1

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS7.2AI score0.01945EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2025/11/18 12:48 a.m.8 views

CVE-2025-47906 affecting package golang for versions less than 1.24.6-1

CVE-2025-47906 affecting package golang for versions less than 1.24.6-1. An upgraded version of the package is available that resolves this issue...

6.5CVSS6.9AI score0.00489EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-47912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresse...

5.3CVSS7.6AI score0.00443EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-61724

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large,...

5.3CVSS7.7AI score0.00526EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-61725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this...

7.5CVSS6.6AI score0.00613EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-61723

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM...

7.5CVSS7.1AI score0.00626EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/13 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-58186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such ...

5.3CVSS7.7AI score0.00534EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2025/09/08 3:7 p.m.5 views

CVE-2025-22874 affecting package golang for versions less than 1.24.4-1

CVE-2025-22874 affecting package golang for versions less than 1.24.4-1. A patched version of the package is available...

7.5CVSS6.7AI score0.00311EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-47906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath , ., and .., can result ...

6.5CVSS6.4AI score0.00489EPSS
Exploits1References4
OSV
OSV
added 2025/06/11 5:15 p.m.7 views

AZL-63716 CVE-2025-4673 affecting package golang for versions less than 1.18.8-9

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS6.8AI score0.0056EPSS
Exploits0References1
OSV
OSV
added 2025/06/11 5:15 p.m.5 views

AZL-63725 CVE-2025-4673 affecting package golang for versions less than 1.22.7-5

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS6.7AI score0.0056EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/07 12:0 a.m.14 views

Golang 1.24.x < 1.24.3 Directory Traversal

The version of Golang running on the remote host is 1.24.x prior to 1.24.3. It is, therefore, affected by a directory traversal vulnerability that makes it possible to improperly access the parent directory of an os.Root. Note that Nessus has not tested for this issue but has instead relied only ...

3.8CVSS5.2AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2024/12/12 10:0 p.m.27 views

GO-2022-0635 In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.5CVSS3.9AI score0.00231EPSS
Exploits1References7
OSV
OSV
added 2024/10/01 7:15 p.m.9 views

AZL-52774 CVE-2024-9355 affecting package golang for versions less than 1.22.9-1

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS7.2AI score0.00297EPSS
Exploits0References1
OSV
OSV
added 2023/08/02 8:15 p.m.7 views

AZL-37302 CVE-2023-29409 affecting package golang for versions less than 1.21.6-1

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS6.6AI score0.01328EPSS
Exploits0References1
OSV
OSV
added 2023/06/08 9:15 p.m.9 views

AZL-47146 CVE-2023-29404 affecting package golang for versions less than 1.22.7-2

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

9.8CVSS7AI score0.01837EPSS
Exploits0References1
OSV
OSV
added 2023/06/08 9:15 p.m.7 views

AZL-37329 CVE-2023-29402 affecting package golang for versions less than 1.21.6-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

9.8CVSS6.7AI score0.01708EPSS
Exploits0References1
Rows per page
Query Builder