HashiCorp Vault Security Breach

HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Vault, Vault Enterprise versions prior to 1.17.0, 1.16.3, and 1.15.9, which stems from failure to properly validate JSON Web Token JWT role-bound audience...

CVE-2021-22748

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit V1.15.9 and prior, C-Gate Server V2.11.7 and prior...

DEBIAN-CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

Design/Logic Flaw

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

Security fix for the ALT Linux 9 package golang version 1.15.9-alt1

March 11, 2021 Alexey Shabalin 1.15.9-alt1 - New version 1.15.9. - Fixes: + CVE-2021-27918 + CVE-2021-27919...

Google Golang 安全漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...