MiracleLinux 8 : git-lfs-2.13.3-3.el8 (AXSA:2022-3920:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3920:02 advisory. golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28851 golang.org/x/text: Panic in...

MiracleLinux 9 : container-tools, python-podman-4.2.0-1.el9, toolbox-0.0.99.3-5.el9 (AXSA:2023-5056:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5056:01 advisory. golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28851 golang.org/x/text: Panic in...

CVE-2020-28851 affecting package buildah for versions less than 1.41.4-2

CVE-2020-28851 affecting package buildah for versions less than 1.41.4-2. An upgraded version of the package is available that resolves this issue...

CVE-2022-28851

Adobe Experience Manager versions 6.5.13.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

Linux Distros Unpatched Vulnerability : CVE-2020-28851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed to be ab...

CVE-2020-28851 affecting package multus for versions less than 4.0.2-1

CVE-2020-28851 affecting package multus for versions less than 4.0.2-1. An upgraded version of the package is available that resolves this issue...

RHEL 7 : golang.org_x_text (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...

RHEL 8 : golang.org_x_text (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Denial of Service via use of openshift/machine-api-operator, openshift/machine-config-operator (CVE-2020-28851, CVE-2020-28852, CVE-2021-44716)

Summary OpenShift's machine-api-operator and machine-config-operator are used by IBM Storage Fusion HCI to interact with the OpenShift platform, operators, and custom resource definitions. Vulnerabilities in these libraries include an improper validation of array index and possible uncontrolled...

CVE-2023-28851

creationtimestamp| type| source ---|---|--- 2023-04-03 22:24:58+00:00| seen| https://t.me/cibsecurity/61349...

CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...

CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...

CVE-2023-28851

CVE-2023-28851 affects Silverstripe Form Capture. The issue is improper escaping when presenting stored form submissions, enabling stored Cross-Site Scripting (XSS). Impacted versions include 0.2.0 and older than 1.0.2, 1.1.0, 2.2.5, and 3.1.1. The patch history is: initial fix in 1.0.2, patch in...

Ubuntu: Security Advisory (USN-5873-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5873-1: Go Text vulnerabilities

It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14040 It was discovered that Go Text incorrectly handled certain BCP 47 language...

SUSE CVE-2020-28851

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.

Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2020-28852 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation while...

Moderate: Red Hat Security Advisory: podman security and bug fix update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ALSA-2022:7954 Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension...

git-lfs security and bug fix update

An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...