oval:org.secpod.oval:def:1800333 go is installed

oval:org.secpod.oval:def:1800887 CVE-2017-15042: smtp.PlainAuth susceptible to man-in-the-middle password harvesting; It was found that smtp.PlainAuth scheme was vulnerable to man-in-the-middle attack. smtp.PlainAuth implementation would send the username and password to man-in-the-middle SMTP server that doesn't advertise STARTTLS ...

oval:org.secpod.oval:def:1801862 Data race in certain net/http servers including ReverseProxy. Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected. X.509 verification ignores provided EKUs on Windows. On Windows, if Ver ...

oval:org.secpod.oval:def:1801757 On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. Marked the task 3.11-stable as completed. Everything has been rebuilt. Closing.

oval:org.secpod.oval:def:1801611 made the issue visible to everyone

oval:org.secpod.oval:def:1801299 Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker can exploit this by crafting inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, ...

oval:org.secpod.oval:def:1801360 Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker can exploit this by crafting inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, ...

oval:org.secpod.oval:def:1800546 Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

oval:org.secpod.oval:def:1800332 Many software projects and vendors have implemented support for the Proxy request header in their respective CGI implementations and languages by creating the HTTP_PROXY environmental variable based on the header value. When this variable is used any outgoing requests generated in turn from the att ...

oval:org.secpod.oval:def:1800516 Many software projects and vendors have implemented support for the Proxy request header in their respective CGI implementations and languages by creating the HTTP_PROXY environmental variable based on the header value. When this variable is used any outgoing requests generated in turn from the att ...