
ROS-20240418-06

2024-04-18 00:00:00
redos.red-soft.ru
Tags: containerd, golang, vulnerability, remote, arbitrary code, malware, html, denial of service

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.3 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.02 Low
Percentile: 88.7%

A vulnerability in the containerd container runtime is related to a flaw that causes additional
groups to be improperly configured within the container. Exploitation of the vulnerability could allow
an attacker to gain unauthorized access to protected information or execute arbitrary code.

A vulnerability in the Golang programming language is associated with the consumption of a large amount of CPU resources and
memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the Golang programming language is related to templates containing multiple actions
separated by the “/” character, which could result in unexpected closure of the CSS context and the ability
to inject unexpected HTML code. Exploitation of the vulnerability could allow an attacker acting
remotely to inject malicious HTML code.

A vulnerability in the net/http and mime/multipart libraries of the GoLang development tool, used in the
Aurora Center application software, is related to uncontrolled consumption of resources with
certain input data. Exploitation of the vulnerability could allow an attacker acting remotely
to perform a denial-of-service attack.

A vulnerability in the Go programming language exists due to a failure to neutralize special
elements in unquoted HTML attributes (e.g., “attr={{.}}”). Exploitation of the vulnerability could allow
an attacker acting remotely to inject arbitrary attributes into HTML tags.

A vulnerability in the Go programming language is related to errors in handling whitespace characters in the context of
JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to
affect the confidentiality, integrity and availability of protected information.

A vulnerability in the HTTP and MIME headers of the Golang programming language is associated with the allocation of a large amount of
memory even when parsing small input data. Exploitation of the vulnerability could allow an attacker
acting remotely to cause a denial of service.

A vulnerability in the crypto/tls component of the Golang programming language is related to the sending of TLS handshake
records that cause servers and clients, respectively, to panic when attempting to create responses. Exploitation of the
vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the Golang programming language is related to the lack of validation of the contents of the Host header.
Exploitation of the vulnerability could allow a remote attacker to execute malicious code.

A vulnerability in the golang package of the Debian GNU/Linux operating system is related to incorrect control of
code generation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

A vulnerability in the Golang HPACK decoder is related to uncontrolled resource consumption.
Exploitation of the vulnerability could allow an attacker acting locally to cause a denial of service.

OS     Version  Architecture  Package  Version      Filename
redos  7.3      x86_64        buildah  <= 1.35.0-1  UNKNOWN
