
85 matches found

Positive Technologies
added 2025/01/01 12:00 a.m. | 10 views

PT-2025-14376

Name of the Vulnerable Software and Affected Versions: Go versions 1.23 through 1.23.7; Go versions 1.24 through 1.24.1. Description: The issue concerns a security fix for the net/http package. Recommendations: For Go versions 1.23 through 1.23.7, update to version 1.23.8. For Go versions 1.24 through...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.00682
Exploits: 0 | References: 398

OSSF Malicious Packages
added 2024/11/14 8:10 a.m. | 6 views

Malicious code in p-http (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e6020c72434d3e7647714902b693a6b7724105d815480ccd6ea906112b33e23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

OSV
added 2024/11/14 8:10 a.m. | 6 views

MAL-2024-10707 Malicious code in p-http (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e6020c72434d3e7647714902b693a6b7724105d815480ccd6ea906112b33e23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

OSV
added 2024/11/07 10:08 a.m. | 13 views

SUSE-SU-2024:3938-1 Security update for go1.22-openssl

This update for go1.22-openssl fixes the following issues: This update ships go1.22-openssl 1.22.7.1 jscSLE-18320 - Update to version 1.22.7.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.7-1-openssl-fips. Update to Go 1.22.7 229 - go1.22.7 released 2024-09-05 includes...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.91969
Exploits: 2 | References: 31

IBM Security Bulletins
added 2024/06/21 3:03 p.m. | 29 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go Information disclosure vulnerability (CVE-2023-39326)

Summary: Potential Golang Go Information disclosure vulnerability. CVE-2023-39326 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-39326 DESCRIPTION: Golang Go...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.01208
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/06/05 8:46 p.m. | 41 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details: CVEID: CVE-2023-45285 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when using go get to fetch a module with the ".git" suffix...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.03796
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/04/25 5:26 a.m. | 49 views

Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).

Summary: Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.02758
Exploits: 0 | Affected Software: 1

Redos
added 2024/04/02 12:00 a.m. | 34 views

ROS-20240402-17

A vulnerability in the net/http package of the Go programming language is related to information disclosure. The vulnerability could allow a remote attacker to disclose protected information. A vulnerability in the cmd-go component of the Go programming language is related to public data transmission...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.02758
Exploits: 0

OSV
added 2024/03/06 10:57 a.m. | 30 views

BIT-GOLANG-2022-41725 Excessive resource consumption in mime/multipart

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...

CVSS: 7.5 | AI score: 8.5 | EPSS: 0.01231
Exploits: 0 | References: 6

OSV
added 2024/03/06 10:56 a.m. | 25 views

BIT-GOLANG-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.01466
Exploits: 0 | References: 9

RedHat Linux
added 2024/03/05 6:17 p.m. | 3 views

golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.01208
Exploits: 0 | References: 5

Tenable Nessus
added 2023/12/14 12:00 a.m. | 10 views

Fedora 38 : golang (2023-ace2655259)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ace2655259 advisory. This release includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command...

AI score: 5.6
Exploits: 0 | References: 1

RedHat Linux
added 2023/06/23 4:43 a.m. | 4 views

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01231
Exploits: 0 | References: 8

OSV
added 2023/04/06 4:15 p.m. | 23 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS: 7.5 | AI score: 7.7
Exploits: 0 | References: 8

UbuntuCve
added 2023/04/06 4:15 p.m. | 43 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01466
Exploits: 0 | References: 7

Debian CVE
added 2023/04/06 3:50 p.m. | 40 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.01466
Exploits: 0

NVD
added 2023/03/23 3:15 p.m. | 18 views

CVE-2023-27077

Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service DDOS via a crafted HTTP package...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01604
Exploits: 1 | References: 1

Prion
added 2023/03/23 3:15 p.m. | 17 views

Stack overflow

Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service DDOS via a crafted HTTP package...

CVSS: 5 | AI score: 7.3 | EPSS: 0.01604
Exploits: 1 | References: 1

Vulnrichment
added 2023/03/23 12:00 a.m. | 5 views

CVE-2023-27077

Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service DDOS via a crafted HTTP package...

AI score: 7.4 | EPSS: 0.01604
Exploits: 1 | References: 1

Cvelist
added 2023/03/23 12:00 a.m. | 19 views

CVE-2023-27077

Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service DDOS via a crafted HTTP package...

AI score: 7.5 | EPSS: 0.01604
Exploits: 1 | References: 1