Lucene search
K

25 matches found

OSV
OSV
added 2024/03/05 11:15 p.m.5 views

AZL-37462 CVE-2023-45289 affecting package golang for versions less than 1.21.6-1

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

4.3CVSS6.6AI score0.0108EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.6 views

AZL-37504 CVE-2023-45290 affecting package golang for versions less than 1.21.6-1

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

6.5CVSS6.7AI score0.01165EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.11 views

CVE-2024-24785 affecting package golang for versions less than 1.21.6-1

CVE-2024-24785 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

5.4CVSS7.7AI score0.00795EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.21 views

CVE-2023-45290 affecting package golang for versions less than 1.21.6-1

CVE-2023-45290 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

6.5CVSS7.2AI score0.01165EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.36 views

CVE-2023-24532 affecting package golang for versions less than 1.21.6-1

CVE-2023-24532 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

5.3CVSS7.8AI score0.00817EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.19 views

CVE-2022-41722 affecting package golang for versions less than 1.21.6-1

CVE-2022-41722 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS8.6AI score0.01678EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.17 views

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS8.1AI score0.01137EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.20 views

CVE-2022-2880 affecting package golang for versions less than 1.21.6-1

CVE-2022-2880 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS7.2AI score0.01094EPSS
Exploits1
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.45 views

CVE-2023-39325 affecting package golang for versions less than 1.21.6-1

CVE-2023-39325 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS7.8AI score0.03796EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.18 views

CVE-2022-29526 affecting package golang for versions less than 1.21.6-1

CVE-2022-29526 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

5.3CVSS9.2AI score0.02593EPSS
Exploits1
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.15 views

CVE-2022-41715 affecting package golang for versions less than 1.21.6-1

CVE-2022-41715 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS7.2AI score0.01339EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.20 views

CVE-2023-24538 affecting package golang for versions less than 1.21.6-1

CVE-2023-24538 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

9.8CVSS10AI score0.02281EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.13 views

CVE-2023-39325 affecting package golang for versions less than 1.21.6-1

CVE-2023-39325 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS8AI score0.03796EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.13 views

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

5.3CVSS7.2AI score0.00903EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.93 views

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS7.3AI score0.01479EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.16 views

CVE-2022-41723 affecting package golang for versions less than 1.21.6-1

CVE-2022-41723 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS9.1AI score0.04561EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.58 views

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

7.5CVSS8.9AI score0.99999EPSS
Exploits19
CBLMariner
CBLMariner
added 2024/02/25 3:0 a.m.19 views

CVE-2023-29405 affecting package golang for versions less than 1.21.6-1

CVE-2023-29405 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

9.8CVSS9.8AI score0.01728EPSS
Exploits0
OSV
OSV
added 2023/12/06 5:15 p.m.6 views

AZL-37438 CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

7.5CVSS6.8AI score0.01137EPSS
Exploits0References1
OSV
OSV
added 2023/12/05 12:15 a.m.7 views

AZL-37343 CVE-2023-49292 affecting package golang for versions less than 1.21.6-1

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.8CVSS5.7AI score0.00335EPSS
Exploits1References1
Rows per page
Query Builder