Lucene search
K

381 matches found

Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.188 views

Accellion FTA Statecode Cookie Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Accellion FTA 'statecode' Cookie Arbitrary File Read", 'Description' = %q This module exploits a file disclosure vulnerability in the Accellion...

9.8CVSS7AI score0.84178EPSS
Exploits12
Redos
Redos
added 2024/08/05 12:0 a.m.23 views

ROS-20240805-08

A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of protection for service data. data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A vulnerability in the golang package of the...

7.5CVSS7.9AI score0.01815EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 6:47 p.m.46 views

Security Bulletin: Vulnerabilities in Golang Go affect Cloud pak System [CVE-2023-39319, CVE-2023-39318]

Summary Vulnerabilities in Golang Go affect Cloud Pak System Software. Vulnerability Details CVEID:CVE-2023-39319 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker could exploit this...

6.1CVSS7AI score0.00815EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/07/29 12:19 a.m.5 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS7.2AI score0.00795EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/07/29 12:0 a.m.38 views

RHEL 7 : rhc-worker-script (RHSA-2024:4893)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4893 advisory. The rhc-worker-script package provides a worker for the Remote Host Configuration rhc for the purpose of executing an interpreted programmin...

9.8CVSS7.6AI score0.01952EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2024/07/22 12:0 a.m.360 views

Xhibiter NFT Marketplace 1.10.2 Cross Site Scripting

==================================================================================================================================== | Title : Xhibiter NFT Marketplace 1.10.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2024/07/01 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1870)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7AI score0.01165EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/06/27 1:6 p.m.7 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS7.2AI score0.00795EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2024/06/25 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1814)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.91969EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/06/25 12:0 a.m.27 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affec...

7.5CVSS7.4AI score0.91969EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/06/25 12:0 a.m.41 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affec...

7.5CVSS7.4AI score0.91969EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/06/20 12:39 p.m.4 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS7.2AI score0.00795EPSS
Exploits0References8
OSV
OSV
added 2024/06/14 1:59 p.m.38 views

RLSA-2024:3259 Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and...

7.5CVSS8.1AI score0.91969EPSS
Exploits1References7
Rockylinux
Rockylinux
added 2024/06/14 1:59 p.m.45 views

go-toolset:rhel8 security update

An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...

7.5CVSS5.5AI score0.91969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/06/14 12:0 a.m.34 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2024:3259)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3259 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...

7.5CVSS7.3AI score0.91969EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2024/06/11 2:33 a.m.28 views

Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.2 security and bug fix update

OpenShift API for Data Protection OADP 1.3.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5CVSS6.7AI score0.01165EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.22 views

RHEL 9 : heketi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: encoding/gob: stack exhaustion in Decoder.Decode CVE-2022-30635 Note that Nessus has not tested for this...

7.5CVSS8AI score0.01403EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/05/29 1:33 p.m.4 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS7AI score0.00798EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.43 views

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-2988)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2988 advisory. - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type wh...

7.5CVSS7.1AI score0.93305EPSS
Exploits7References17
RedHat Linux
RedHat Linux
added 2024/05/23 3:28 p.m.10 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS7AI score0.00798EPSS
Exploits0References8
Rows per page
Query Builder