Download
| Alert*
oval:org.secpod.oval:def:1600802
Arbitrary code execution during go get or go get -d:Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git r ... oval:org.secpod.oval:def:1800887 CVE-2017-15042: smtp.PlainAuth susceptible to man-in-the-middle password harvesting; It was found that smtp.PlainAuth scheme was vulnerable to man-in-the-middle attack. smtp.PlainAuth implementation would send the username and password to man-in-the-middle SMTP server that doesnt advertise STARTTLS ... oval:org.secpod.oval:def:204795 The golang packages provide the Go programming language compiler. The following packages have been upgraded to a later upstream version: golang . Security Fix: * golang: arbitrary code execution during "go get" or "go get -d" * golang: smtp.PlainAuth susceptible to man-in-the-m ... oval:org.secpod.oval:def:113326 The Go Programming Language. oval:org.secpod.oval:def:113332 The Go Programming Language. oval:org.secpod.oval:def:113680 The Go Programming Language. oval:org.secpod.oval:def:1901190 An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was document ... oval:org.secpod.oval:def:1700038 Arbitrary code execution during go get or go get -dGo before 1.8.4 and 1.9.x before 1.9.1 allows quot;go getquot; remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repo ... oval:org.secpod.oval:def:2105901 Oracle Solaris 11 - ( CVE-2017-15041 ) |