8 matches found
Mageia: Security Advisory (MGASA-2024-0376)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-733)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-733 advisory. Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-666)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-666 advisory. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an Expect: 100-continue header with a non-informational 200 or higher status. This mishandling could leave a...
Mageia: Security Advisory (MGASA-2024-0181)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-394)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-394 advisory. Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-310)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-310 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fi...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-209)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-209 advisory. html/template: improper sanitization of CSS values Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-048)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-048 advisory. A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196 A...