70 matches found
RHCOS 4 : OpenShift Container Platform 4.11.17 (RHSA-2022:8626)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8626 advisory. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - golang: net/http: handle server errors after...
RHCOS 4 : OpenShift Container Platform 4.11.16 (RHSA-2022:8534)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8534 advisory. - golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of...
MiracleLinux 9 : cockpit-composer-41-1.el9, osbuild-composer-62.1-1.el9.ML.1, osbuild-65-1.el9.ML.1, weldr-client-35.5-4.el9 (AXSA:2023-5065:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5065:02 advisory. golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service CVE-2022-32189...
MiracleLinux 8 : cockpit-composer-41-1.el8, osbuild-composer-62-1.el8.ML.1, osbuild-65-1.el8.ML.2, weldr-client-35.5-4.el8 (AXSA:2023-4757:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4757:01 advisory. golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service CVE-2022-32189...
Linux Distros Unpatched Vulnerability : CVE-2022-32189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of...
RHEL 9 : helm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short,...
RHEL 8 : Red Hat OpenStack Platform (etcd) (RHSA-2023:1275)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1275 advisory. etcd is a highly-available key value store for shared configuration. The following Important impact security fixes are applicable to Red Hat...
RHEL 7 / 8 / 9 : OpenShift Virtualization 4.13.0 RPMs (RHSA-2023:3204)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3204 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory...
CentOS 9 : toolbox-0.0.99.3-7.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.3-7.el9 build changelog. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP...
Rocky Linux 8 : Image Builder (RLSA-2022:7548)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7548 advisory. - A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial o...
Security Bulletin: IBM Storage Ceph is vulnerable to an HTTP request/response smuggling vulnerability in Golang Go
Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-32189, CVE-2022-41715. Vulnerability Details CVEID: CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in...
SUSE: Security Advisory (SUSE-SU-2023:2312-1)
The remote host is missing an update for the...
Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.13.0 Images security, bug fix, and enhancement update
Red Hat OpenShift Virtualization release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which giv...
Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update
An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
RHEL 8 : container-tools:4.0 (RHSA-2023:2802)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2802 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang:...
Moderate: container-tools:4.0 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...
AlmaLinux 9 : butane (ALSA-2023:2193)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2193 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...
AlmaLinux 9 : toolbox (ALSA-2023:2236)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2236 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...
RHEL 9 : toolbox (RHSA-2023:2236)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2236 advisory. Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman...
Moderate: Red Hat Security Advisory: git-lfs security and bug fix update
An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...