Count: 80
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
ELSA-2025-7118 ELSA-2025-7118: osbuild and osbuild-composer security update (IMPORTANT) | | | about 1 month ago |
CVE-2024-9355 A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. | CVSS3: 6.5 | 0% Low | 9 months ago |
CVE-2024-9355 A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. | CVSS3: 6.5 | 0% Low | 9 months ago |
CVE-2024-9355 | CVSS3: 6.5 | 0% Low | 6 months ago |
RLSA-2024:8847 Moderate: grafana-pcp security update | | 0% Low | 7 months ago |
RLSA-2024:7550 Moderate: golang security update | | 0% Low | 8 months ago |
GHSA-3h3x-2hwv-hr52 Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability | CVSS3: 6.5 | 0% Low | 9 months ago |
ELSA-2024-8847 ELSA-2024-8847: grafana-pcp security update (MODERATE) | | | 8 months ago |
ELSA-2024-7550 ELSA-2024-7550: golang security update (MODERATE) | | | 9 months ago |
ELSA-2024-7502 ELSA-2024-7502: go-toolset:ol8 security update (MODERATE) | | | 9 months ago |
RLSA-2024:8678 Important: grafana security update | | | 7 months ago |
RLSA-2024:8327 Important: grafana security update | | | 8 months ago |
ELSA-2024-8678 ELSA-2024-8678: grafana security update (IMPORTANT) | | | 8 months ago |
ELSA-2024-8327 ELSA-2024-8327: grafana security update (IMPORTANT) | | | 8 months ago |
CVE-2024-1394 A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. | CVSS3: 7.5 | 1% Low | about 1 year ago |
CVE-2024-1394 A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. | CVSS3: 7.5 | 1% Low | about 1 year ago |
CVE-2024-34158 Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | CVSS3: 7.5 | 0% Low | 10 months ago |
CVE-2024-34158 Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | CVSS3: 5.9 | 0% Low | 10 months ago |
CVE-2024-34158 Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | CVSS3: 7.5 | 0% Low | 10 months ago |
CVE-2024-34158 Calling Parse on a "// +build" build tag line with deeply nested expre ... | CVSS3: 7.5 | 0% Low | 10 months ago |