69 matches found
MiracleLinux 8 : container-tools:rhel8 (AXSA:2023-7318:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7318:02 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...
Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis. Vulnerabilities include denial of service, gain elevated privileges on the system, allow a remote attacker to execute...
Linux Distros Unpatched Vulnerability : CVE-2023-24534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual...
Security Bulletin: Operations Dashboard is vulnerable to denial of service due to Go (CVE-2023-24534)
Summary Operations Dashboard is vulnerable to denial of service due to Go CVE-2023-24534 with details below. Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial o...
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to Golang Go ( CVE-2023-24534 )
Summary Golang Go is used by IBM Storage Protect Server and may be affected by vulnerability CVE-2023-24534. Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial o...
Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2023-24534]
Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2023-24534 Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME...
Oracle Linux 9 : containernetworking-plugins (ELSA-2024-9089)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-9089 advisory. - rebuild for CVE-2024-24791 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723...
Oracle Linux 9 : buildah (ELSA-2024-9097)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9097 advisory. - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...
Oracle Linux 9 : skopeo (ELSA-2024-9098)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9098 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
RHEL 8 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
RHEL 8 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
RHEL 9 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4459 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CentOS 9 : containernetworking-plugins-1.3.0-2.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the containernetworking-plugins-1.3.0-2.el9 build changelog. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a...
CVE-2023-24534 affecting package golang for versions less than 1.21.6-1
CVE-2023-24534 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24534 affecting package golang for versions less than 1.21.6-1
CVE-2023-24534 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
RHCOS 4 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. - golang: net/http, net/textproto: denial of service from excessive memory allocation CVE-2023-24534 - golang: net/http,...
CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is available...
container-tools:4.0 security and bug fix update
buildah 1:1.24.6-7 - rebuild for CVE-2023-29406 - Related: 2176055 1:1.24.6-6 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: 2179943 - Resolves: 2187341 - Resolves:...