It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-175 advisory.

  - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

  - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to     be version tags. This can lead to incorrect access control if an actor is supposed to be able to create     branches but not tags. (CVE-2022-23773)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

  - Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including     unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy     forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in     the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director     function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse     query parameters continue to forward the original query parameters unchanged. (CVE-2022-2880)

  - Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in     the working directory named either ..com or ..exe by calling Cmd.Run, Cmd.Start, Cmd.Output, or     Cmd.CombinedOutput when Cmd.Path is unset. (CVE-2022-30580)

  - Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause     an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. (CVE-2022-30634)

  - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server     connections contain a cache of HTTP header keys sent by the client. While the total number of entries in     this cache is capped, an attacker sending very large keys can cause the server to allocate approximately     64 MiB per open connection. (CVE-2022-41717)

  - A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean     function could transform an invalid path such as a/../c:/b into the valid path c:\b. This     transformation of a relative (if invalid) path into an absolute path could enable a directory traversal     attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid)     path .\c:\b. (CVE-2022-41722)

  - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS     handshake records which cause servers and clients, respectively, to panic when attempting to construct     responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption     (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client     certificates (by setting Config.ClientAuth >= RequestClientCert). (CVE-2022-41724)

  - A denial of service is possible from excessive resource consumption in net/http and mime/multipart.
    Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory     and disk files. This also affects form parsing in the net/http package with the Request methods FormFile,     FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented     as storing up to maxMemory bytes +10MB (reserved for non-file parts) in memory. File parts which cannot     be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file     parts is excessively large and can potentially open a denial of service vector on its own. However,     ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead,     part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In     addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small     request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts     for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory     bytes of memory consumption. Users should still be aware that this limit is high and may still be     hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form     parts into a single temporary file. The mime/multipart.File interface type's documentation states, If     stored on disk, the File's underlying concrete type will be an *os.File.. This is no longer the case when     a form contains more than one file part, due to this coalescing of parts into a single file. The previous     behavior of using distinct files for each form part may be reenabled with the environment variable     GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request     methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the     size of form data with http.MaxBytesReader. (CVE-2022-41725)

  - The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with     some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages     of crypto/ecdsa or crypto/ecdh. (CVE-2023-24532)

  - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs,     potentially leading to a denial of service. Certain unusual patterns of input data can cause the common     function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold     the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large     amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service.
    With fix, header parsing now correctly allocates only the memory required to hold parsed headers.
    (CVE-2023-24534)

  - Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing     very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the     total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed,     leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased     pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3.
    ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage     collector. The combination of these factors can permit an attacker to cause an program that parses     multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service.
    This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http     package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix,     ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many     fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits     on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit     may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with     NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with     ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with     the environment variable GODEBUG=multipartmaxheaders=. (CVE-2023-24536)

  - Calling any of the Parse functions on Go source code which contains //line directives with very large line     numbers can cause an infinite loop due to integer overflow. (CVE-2023-24537)

  - Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them     as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template     action within a Javascript template literal, the contents of the action can be used to terminate the     literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather     complex, and themselves can do string interpolation, the decision was made to simply disallow Go template     actions from being used inside of them (e.g. var a = {{.}}), since there is no obviously safe way to     allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse     returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is     currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous     behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will     now be escaped. This should be used with caution. (CVE-2023-24538)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0724-1 advisory.

  - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

  - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to     be version tags. This can lead to incorrect access control if an actor is supposed to be able to create     branches but not tags. (CVE-2022-23773)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating     that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of     an incomplete fix for CVE-2021-33196. (CVE-2021-39293)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

  - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested     expression. (CVE-2022-24921)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

  - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or     unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-     descriptor exhaustion. (CVE-2021-44717)

  - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0600-1 advisory.

  - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function     invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1819 advisory.

  - golang: Command-line arguments may overwrite global data (CVE-2021-38297)

  - golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of     CVE-2021-33196) (CVE-2021-39293)

  - golang: debug/macho: invalid dynamic symbol table command can cause panic (CVE-2021-41771)

  - golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)

  - golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString     (CVE-2022-23772)

  - golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

  - golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1819 advisory.

  - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function     invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)

  - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating     that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of     an incomplete fix for CVE-2021-33196. (CVE-2021-39293)

  - ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3     Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
    (CVE-2021-41771)

  - Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP     archive containing an invalid name or an empty filename field. (CVE-2021-41772)

  - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

  - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to     be version tags. This can lead to incorrect access control if an actor is supposed to be able to create     branches but not tags. (CVE-2022-23773)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202208-02 (Go: Multiple Vulnerabilities)

  - Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. (CVE-2020-28366)

  - Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. (CVE-2020-28367)

  - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader     (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,     DecodeElement, or Skip method. (CVE-2021-27918)

  - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon     attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any     filename. (CVE-2021-27919)

  - Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address     octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses,     because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. (CVE-2021-29923)

  - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs,     related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
    (CVE-2021-3114)

  - Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code     execution when using the go get command to fetch modules that make use of cgo (for example, cgo can     execute a gcc program from an untrusted download). (CVE-2021-3115)

  - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of     service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each     be affected in some configurations. (CVE-2021-31525)

  - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from     DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to     the RFC1035 format. (CVE-2021-33195)

  - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's     header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)

  - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from     net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
    (CVE-2021-33197)

  - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the     math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)

  - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an     X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS     server to cause a TLS client to panic. (CVE-2021-34558)

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

  - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function     invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)

  - ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3     Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
    (CVE-2021-41771)

  - Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP     archive containing an invalid name or an empty filename field. (CVE-2021-41772)

  - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the     header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)

  - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or     unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-     descriptor exhaustion. (CVE-2021-44717)

  - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

  - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to     be version tags. This can lead to incorrect access control if an actor is supposed to be able to create     branches but not tags. (CVE-2022-23773)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

  - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount     of PEM data. (CVE-2022-24675)

  - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested     expression. (CVE-2022-24921)

  - Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when     presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to     panic. (CVE-2022-27536)

  - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic     via long scalar input. (CVE-2022-28327)

  - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero     flags parameter, the Faccessat function could incorrectly report that a file is accessible.
    (CVE-2022-29526)

  - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

  - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

  - Automatic update for grafana-8.5.6-1.fc37.  ##### **Changelog**  ``` * Wed Jun 29 2022 Andreas Gerstmayr     <agerstmayr@redhat.com> 8.5.6-1 - update to 8.5.6 tagged upstream community sources, see CHANGELOG -     updated license to AGPLv3 - place commented sample config file in /etc/grafana/grafana.ini - enable Go     modules in build process - adapt Node.js bundling to yarn v3 and Zero Install feature * Sun Jun 19 2022     Robert-Andr Mauchin <zebob.m@gmail.com> - 7.5.15-3 - Rebuilt for CVE-2022-1996, CVE-2022-24675,     CVE-2022-28327, CVE-2022-27191,   CVE-2022-29526, CVE-2022-30629  ``` (CVE-2022-30629)

  - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

  - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

  - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

  - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

  - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

  - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

  - The Go project reports: encoding/gob & math/big: decoding big.Float and             big.Rat can panic     Decoding big.Float and big.Rat types can panic if the             encoded message is too short.
    (CVE-2022-32189)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3395 advisory.

  - Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution     at build time via malicious gcc flags specified via a #cgo directive. (CVE-2020-28367)

  - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's     header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

  - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function     invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)

  - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating     that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of     an incomplete fix for CVE-2021-33196. (CVE-2021-39293)

  - ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3     Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
    (CVE-2021-41771)

  - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the     header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)

  - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or     unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-     descriptor exhaustion. (CVE-2021-44717)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

  - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested     expression. (CVE-2022-24921)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
175071	Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-175)	Nessus	Amazon Linux Local Security Checks	5/3/2023	5/4/2023	critical
194919	Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)	Nessus	CGI abuses	5/2/2024	5/30/2024	critical
158632	openSUSE 15 Security Update : go1.16 (openSUSE-SU-2022:0724-1)	Nessus	SuSE Local Security Checks	3/5/2022	11/6/2023	critical
160177	EulerOS 2.0 SP8 : golang (EulerOS-SA-2022-1566)	Nessus	Huawei Local Security Checks	4/25/2022	8/9/2022	critical
198922	RHEL 8 : faq (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	6/3/2024	critical
172064	SUSE SLES15 / openSUSE 15 Security Update : google-guest-agent (SUSE-SU-2023:0600-1)	Nessus	SuSE Local Security Checks	3/3/2023	7/14/2023	critical
160902	CentOS 8 : go-toolset:rhel8 (CESA-2022:1819)	Nessus	CentOS Local Security Checks	5/10/2022	10/27/2023	critical
161138	AlmaLinux 8 : go-toolset:rhel8 (ALSA-2022:1819)	Nessus	Alma Linux Local Security Checks	5/12/2022	10/27/2023	critical
163840	GLSA-202208-02 : Go: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	8/4/2022	10/16/2023	critical
174589	Debian DLA-3395-1 : golang-1.11 - LTS security update	Nessus	Debian Local Security Checks	4/20/2023	4/20/2023	critical
194928	Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)	Nessus	CGI abuses	5/2/2024	5/30/2024	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical