14 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-42503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit ho...
EUVD-2026-27872
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
DEBIAN-CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
UBUNTU-CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This c...
CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This c...
CVE-2026-42503 Accidental binding to INADDR_ANY might lead to RCE in golang.org/x/tools/gopls
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503 Accidental binding to INADDR_ANY might lead to RCE in golang.org/x/tools/gopls
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
CVE-2026-42503
The CVE-2026-42503 issue affects gopls (golang.org/x/tools/gopls). When -listen (or -port) is used without an explicit host, gopls binds to 0.0.0.0, potentially allowing a malicious party on the same network to execute arbitrary code. This is described in the NVD entry and corroborated by multipl...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where the listening address is bound to 0.0.0.0, allowing malicious parties on the same network to...
PT-2026-37661
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...
Malicious code in gopls (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70f8923e6ec83498d938e6e5328b9888a9c8b9fdb046fc744754dbe5a401f1f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3419 Malicious code in gopls (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70f8923e6ec83498d938e6e5328b9888a9c8b9fdb046fc744754dbe5a401f1f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...