Astra Linux - уязвимость в golang-golang-x-text

In Go 1.15.4, a "index out of range" panic occurs in the language.ParseAcceptLanguage function during the parsing of the -u- extension. The language.ParseAcceptLanguage function is supposed to be able to parse an HTTP Accept-Language header...

EUVD-2020-21243

Malware in sbrugna...

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2021-3121, CVE-2021-38561, CVE-2023-43804)

Summary github.com/gogo/protobuf, golang.org/x/text, urllib3 are dependency packages used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP clien...

Linux Distros Unpatched Vulnerability : CVE-2020-14040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the...

In x/text in Go before v0.3.5 a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

...

In x/text in Go 1.15.4 an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

...

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go: encoding/xml: XML element instability CVE-2020-29511 - The x/text package before 0.3.3 for Go has a...

RHEL 8 : heketi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 -...

RHEL 9 : podman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: out-of-bounds read in golang.org/x/text/language leads to DoS CVE-2021-38561 Note that Nessus has not teste...

RHEL 8 : heketi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty CVE-2021-33197 ...

RHEL 8 : golang.org_x_text (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...

RHEL 7 / 8 / 9 : OpenShift Virtualization 4.13.0 RPMs (RHSA-2023:3204)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3204 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory...

BIT-GOLANG-2020-28851

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

[SECURITY] Fedora 38 Update: golang-x-text-0.14.0-1.fc38

Text is a repository of text-related packages related to internationalization i18n and localization l10n, such as character encodings, text transformations, and locale-specific text handling...

Fedora 39 : golang-x-text (2024-b85b97c0e9)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b85b97c0e9 advisory. update to v0.14.0, address CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...

Fedora: Security Advisory (FEDORA-2024-b85b97c0e9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 38 : golang-x-text (2024-fd3545a844)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fd3545a844 advisory. update to v0.14.0, address CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...

Fedora: Security Advisory for golang-x-text (FEDORA-2024-fd3545a844)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Storage Fusion may be vulnerable to Denial of Service via use of golang.org/x/net, x/crypto, and x/text (CVE-2022-30633, CVE-2022-27664, CVE-2022-28131, CVE-2022-41721, CVE-2021-43565, CVE-2022-27191, CVE-2022-32149)

Summary Golang's x/net, x/crypto and x/text are used by IBM Storage Fusion for networking, cryptography and internationalization. Vulnerabilities in these libraries include Inconsistent Interpretation of HTTP Requests, Uncontrolled Recursion, and Missing Release of Resource that could lead to a...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST

Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in Golang x/net and x/text Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted...