Vulnerability & Exploit Database

SUSE: CVE-2018-16875: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 14, 2018

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

SUSE: CVE-2018-16874: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 14, 2018

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https:...

SUSE: CVE-2018-16873: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 14, 2018

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documen...

Gentoo Linux: CVE-2018-16875: Go: Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: December 14, 2018

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

Gentoo Linux: CVE-2018-16874: Go: Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: December 14, 2018

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https:...

Gentoo Linux: CVE-2018-16873: Go: Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: December 14, 2018

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documen...

Ubuntu: USN-3850-1 (CVE-2018-12404): NSS vulnerabilities Vulnerability

  • Severity: 4
  • Published: December 13, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3850-1:

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation.

A local attacker could possibly use this issue to perform...

SUSE: CVE-2018-12404: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 13, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2018-12404:

This CVE is addressed in the SUSE advisories SUSE-SU-2018:4235-1, SUSE-SU-2018:4236-1, openSUSE-SU-2018:4117-1.