58 matches found
CLSA-2026-1778109988 toolbox: Fix of 9 CVEs
Rebuild with golang = 1.22.5 to fix CVE-2022-1705, CVE-2022-41717, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-45290, CVE-2024-24785, CVE-2024-24791...
K000152671: Golang html/template vulnerabilities CVE-2023-39318,CVE-2023-39319, and CVE-2024-24785
Security Advisory Description CVE-2023-39318 The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
TencentOS Server 4: golang (TSSA-2024:0627)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0627 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
RLSA-2024:0121 Moderate: container-tools:4.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...
Linux Distros Unpatched Vulnerability : CVE-2023-39319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The html/template package does not apply the proper rules for handling occurrences of contexts. This may cause the template parser to improperly consider script...
Oracle Linux 9 : buildah (ELSA-2024-9097)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9097 advisory. - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...
Photon OS 4.0: Go PHSA-2023-4.0-0484
An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0484. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid204352...
RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2024:3467)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3467 advisory. A highly-available key value store for shared configuration Security Fixes: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack...
RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2024:3352)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3352 advisory. A highly-available key value store for shared configuration Security Fixes: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack...
RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: urllib3:...
Moderate: Red Hat Security Advisory: toolbox security update
An update for toolbox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2024:2160 Moderate: toolbox security update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: html/template: improper handling of HTML-like comments within script contexts...
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3700-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:3701-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3840-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-39319 affecting package golang for versions less than 1.21.6-1
CVE-2023-39319 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-39319 affecting package golang for versions less than 1.21.6-1
CVE-2023-39319 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3270)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The html/template package does not properly handle HTML-like '' comment tokens, nor hashbang '!' comment tokens, in contexts. This may cause the...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-3331)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
Ubuntu: Security Advisory (USN-6574-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...