RHCOS 4 : OpenShift Container Platform 4.15.11 (RHSA-2024:2071)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2071 advisory. - jose-go: improper handling of highly compressed data CVE-2024-28180 Note that Nessus has not tested for this issue but has instead relied...

RHCOS 4 : OpenShift Container Platform 4.14.23 (RHSA-2024:2054)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2054 advisory. - kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin CVE-2024-3177 -...

RHCOS 4 : OpenShift Container Platform 4.12.58 (RHSA-2024:3351)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3351 advisory. - jose-go: improper handling of highly compressed data CVE-2024-28180 Note that Nessus has not tested for this issue but has instead relied...

RHCOS 4 : OpenShift Container Platform 4.15.13 (RHSA-2024:2776)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2776 advisory. - jose-go: improper handling of highly compressed data CVE-2024-28180 Note that Nessus has not tested for this issue but has instead relied...

RHCOS 4 : OpenShift Container Platform 4.13.42 (RHSA-2024:2877)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2877 advisory. - buildah: full container escape at build time CVE-2024-1753 - jose-go: improper handling of highly compressed data CVE-2024-28180...

OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

SUSE-SU-2026:20550-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

MiracleLinux 9 : buildah-1.33.7-2.el9_4 (AXSA:2024-8286:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8286:05 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 jose-go: improper handling of highly compressed data CVE-2024-28180...

CVE-2024-28180 affecting package buildah for versions less than 1.41.4-2

CVE-2024-28180 affecting package buildah for versions less than 1.41.4-2. An upgraded version of the package is available that resolves this issue...

Security Bulletin: IBM Storage Ceph is vulnerable to Data Amplification in Go-Jose in Grafana (CVE-2024-28180)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-28180 Vulnerability Details CVEID:CVE-2024-28180 DESCRIPTION: Package jose aims to provide an implementation of the Javascript Object...

Fedora: Security Advisory (FEDORA-2024-67167e57df)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-f6f91d983c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Alibaba Cloud Linux 3 : 0145: container-tools:rhel8 bug fix and enhancement update (Moderate) (ALINUX3-SA-2024:0145)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0145 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-28176: jose is JavaScript module...

CVE-2024-28180 affecting package packer for versions less than 1.9.5-6

CVE-2024-28180 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...

Linux Distros Unpatched Vulnerability : CVE-2024-28180

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing...

CVE-2024-28180 affecting package moby-containerd-cc for versions less than 1.7.7-6

CVE-2024-28180 affecting package moby-containerd-cc for versions less than 1.7.7-6. A patched version of the package is available...

CVE-2024-28180 affecting package containerd for versions less than 1.7.13-6

CVE-2024-28180 affecting package containerd for versions less than 1.7.13-6. A patched version of the package is available...

openSUSE Security Advisory (SUSE-SU-2024:1987-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2025:0623-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0623-1 advisory. grafana was updated from version 10.4.13 to 10.4.15: - Security issues fixed: CVE-2024-45339: Fixed vulnerability when creating l...

Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 10.4.13 to 10.4.15: Security issues fixed: CVE-2024-45339: Fixed vulnerability when creating log files bsc1236559 CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration bsc1236734 CVE-2025-21613: Remove...