102 matches found
MiracleLinux 8 : go-toolset:rhel8 delve-1.8.3-1.module+el8+1585+5d99e9d3, golang-1.18.9-1.module+el8+1585+5d99e9d3, go-toolset-1.18.9-1.module+el8+1585+5d99e9d3 (AXSA:2023-4877:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4877:01 advisory. golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...
MiracleLinux 8 : cockpit-composer-45-1.el8, osbuild-composer-75-1.el8.ML.1, osbuild-81-1.el8.ML.1, weldr-client-35.9-2.el8 (AXSA:2023-6087:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6087:04 advisory. golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...
CVE-2022-2879 affecting package buildah for versions less than 1.41.4-2
CVE-2022-2879 affecting package buildah for versions less than 1.41.4-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-2879 affecting package podman for versions less than 5.6.1-2
CVE-2022-2879 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
TencentOS Server 3: osbuild (TSSA-2023:0105)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0105 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: cockpit-composer (TSSA-2023:0135)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0135 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: ostree (TSSA-2023:0103)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0103 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0101: container-tools:rhel8 (ALINUX3-SA-2024:0101)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0101 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2018-25091: urllib3 before 1.24.2 does...
RLSA-2024:0121 Moderate: container-tools:4.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...
Medium: runc
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: docker
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Amazon Linux 2 : containerd (ALASECS-2025-060)
The version of containerd installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-060 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read ...
Medium: docker
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to multiple software weaknesses due to Golang
Summary Golang Go is vulnerable to a denial of service, which could allow a remote attacker to conduct query parameter smuggling and could allow a local attacker to execute arbitrary code on the system. Golang is used by IBM Storage Fusion Data Foundation as a core part of operators. This bulleti...
Linux Distros Unpatched Vulnerability : CVE-2022-2879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory,...
Azure Linux 3.0 Security Update: golang / ig / moby-engine / skopeo (CVE-2022-2879)
The version of golang / ig / moby-engine / skopeo installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2879 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A malicious...
CVE-2022-2879 affecting package golang 1.17.13-2
CVE-2022-2879 affecting package golang 1.17.13-2. No patch is available currently...
CVE-2022-2879 affecting package moby-engine for versions less than 25.0.3-3
CVE-2022-2879 affecting package moby-engine for versions less than 25.0.3-3. A patched version of the package is available...
CVE-2022-2879 affecting package skopeo for versions less than 1.14.4-1
CVE-2022-2879 affecting package skopeo for versions less than 1.14.4-1. A patched version of the package is available...
CVE-2022-2879 affecting package libcontainers-common for versions less than 20240213-2
CVE-2022-2879 affecting package libcontainers-common for versions less than 20240213-2. A patched version of the package is available...