Azure Linux 3.0 Security Update: python-tensorboard (CVE-2021-33195)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-33195 advisory. - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate...

EUVD-2021-19908

Malware in sbrugna...

SUSE CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

SUSE CVE-2021-33197

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...

Allocation of Resources Without Limits or Throttling

Overview std/archive/zip is a Go standard library package std/archive/zip Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the NewReader or OpenReader functions. An attacker can cause a panic or trigger an...

Missing Authorization

Overview std/net/http/httputil is a Go standard library package std/net/http/httputil Affected versions of this package are vulnerable to Missing Authorization. Go Vulnerability Report: ReverseProxy can be made to forward certain hop-by-hop headers, including Connection. If the target of the...

AZL-79084 CVE-2021-33196 affecting package golang 1.25.7-1

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive's header can cause a NewReader or OpenReader panic...

DEBIAN-CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

CVE-2021-33197

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...

CVE-2021-33197

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...

go-toolset:rhel8 bug fix and enhancement update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Bug Fixes and Enhancements: Rebase go-toolset to 1.15.13 BZ1967698 Memory consumption containermemoryrss steadily growing for /system.slice/kubelet.service when FIPS enabled BZ1969700...