Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

120 matches found

Tenable Nessus
Tenable Nessusadded 2023/01/24 12:0 a.m.49 views

Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-0328)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0328 advisory. golang 1.18.9-1 - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz2144547 - Resolves:...

7.5CVSS7.2AI score0.00031EPSS
Exploits1References4
AlmaLinux
AlmaLinuxadded 2023/01/23 12:0 a.m.46 views

Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputi...

7.5CVSS8AI score0.00031EPSS
Exploits1References8
Tenable Nessus
Tenable Nessusadded 2023/01/23 12:0 a.m.128 views

RHEL 9 : go-toolset and golang (RHSA-2023:0328)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0328 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go...

7.5CVSS7.2AI score0.00331EPSS
Exploits2References13
RedHat Linux
RedHat Linuxadded 2023/01/17 7:29 p.m.82 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 packages and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

8.2CVSS6.7AI score0.03414EPSS
Exploits7References13
Tenable Nessus
Tenable Nessusadded 2022/11/22 12:0 a.m.57 views

Oracle Linux 9 : podman (ELSA-2022-7954)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7954 advisory. 2:4.2.0-3.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 2:4.2.0-3 - fix dependency in test subpackage - Related:...

7.5CVSS7.3AI score0.01026EPSS
Exploits7References9
AlmaLinux
AlmaLinuxadded 2022/11/15 12:0 a.m.57 views

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension...

7.5CVSS8.3AI score0.01026EPSS
Exploits7References18
OpenVAS
OpenVASadded 2022/10/20 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2022:3669-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8AI score0.00031EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2022/10/20 12:0 a.m.33 views

SUSE SLED15 / SLES15 Security Update : go1.18 (SUSE-SU-2022:3668-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3668-1 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could...

7.5CVSS7AI score0.00031EPSS
Exploits1References11
Tenable Nessus
Tenable Nessusadded 2022/10/20 12:0 a.m.31 views

SUSE SLED15 / SLES15 Security Update : go1.19 (SUSE-SU-2022:3669-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3669-1 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could...

7.5CVSS7AI score0.00031EPSS
Exploits1References11
OSV
OSVadded 2022/10/19 7:35 p.m.6 views

SUSE-SU-2022:3669-1 Security update for go1.19

This update for go1.19 fixes the following issues: Updated to version 1.19.2 bsc1200441: - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax bsc1204023. - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar bsc1204024. - CVE-2022-2880: Fixed ReverseProxy...

7.5CVSS7.7AI score0.00031EPSS
Exploits1References8
NVD
NVDadded 2022/10/14 3:15 p.m.14 views

CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5CVSS0.00031EPSS
Exploits1References5
OSV
OSVadded 2022/10/14 3:15 p.m.1 views

AZL-11129 CVE-2022-2880 affecting package golang for versions less than 1.19.10-1

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5CVSS6.6AI score0.00031EPSS
Exploits1References1
OSV
OSVadded 2022/10/14 3:15 p.m.17 views

CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5CVSS7.4AI score
Exploits0References5
Prion
Prionadded 2022/10/14 3:15 p.m.20 views

Design/Logic Flaw

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

5CVSS7.5AI score0.00031EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCveadded 2022/10/14 3:15 p.m.30 views

CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5CVSS6.8AI score0.00031EPSS
Exploits1References6
Veracode
Veracodeadded 2022/10/14 11:52 a.m.32 views

HTTP Request Smuggling

Go is vulnerable to HTTP request smuggling. The vulnerability is due to a lack of sanitizations in the query parameter for ReverseProxy. Remote attackers can cause query parameter smuggling when a go proxy forwards a parameter with an unparseable value...

7.5CVSS7.6AI score0.00031EPSS
Exploits1References15Affected Software17
Cvelist
Cvelistadded 2022/10/14 12:0 a.m.15 views

CVE-2022-2880 Incorrect sanitization of forwarded query parameters in net/http/httputil

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.8AI score0.00031EPSS
Exploits1References5
Debian CVE
Debian CVEadded 2022/10/14 12:0 a.m.62 views

CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5CVSS6.6AI score0.00031EPSS
Exploits1
CVE
CVEadded 2022/10/14 12:0 a.m.498 views

CVE-2022-2880

CVE-2022-2880 affects golang under the net/http/httputil ReverseProxy: requests forwarded may include raw/unparsable inbound query parameters, enabling query parameter smuggling if the proxy forwards such values. The issue is mitigated by the fix that sanitizes forwarded query parameters when the...

7.5CVSS7.7AI score0.00031EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2022/10/06 4:42 p.m.24 views

GO-2022-1038 Incorrect sanitization of forwarded query parameters in net/http/httputil

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5CVSS6.5AI score0.00031EPSS
Exploits1References3
Rows per page
Query Builder