Developer Tools
Monthly
A privilege escalation flaw was found in Podman. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in net/http in Go 1.11.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A privilege escalation flaw was found in Podman. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in net/http in Go 1.11.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.