25 matches found
Azure Linux 3.0 Security Update: multus (CVE-2020-28852)
The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28852 advisory. - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage whil...
Linux Distros Unpatched Vulnerability : CVE-2020-28852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is suppos...
CVE-2020-28852 affecting package multus for versions less than 4.0.2-1
CVE-2020-28852 affecting package multus for versions less than 4.0.2-1. An upgraded version of the package is available that resolves this issue...
RHEL 7 : golang.org_x_text (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...
RHEL 8 : golang.org_x_text (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Denial of Service via use of openshift/machine-api-operator, openshift/machine-config-operator (CVE-2020-28851, CVE-2020-28852, CVE-2021-44716)
Summary OpenShift's machine-api-operator and machine-config-operator are used by IBM Storage Fusion HCI to interact with the OpenShift platform, operators, and custom resource definitions. Vulnerabilities in these libraries include an improper validation of array index and possible uncontrolled...
Ubuntu: Security Advisory (USN-5873-1)
The remote host is missing an update for the...
USN-5873-1: Go Text vulnerabilities
It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14040 It was discovered that Go Text incorrectly handled certain BCP 47 language...
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.
Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2020-28852 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation while...
Moderate: Red Hat Security Advisory: podman security and bug fix update
An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2022:7954 Moderate: podman security and bug fix update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension...
git-lfs security and bug fix update
An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...
RHEL 8 : git-lfs (RHSA-2022:7129)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7129 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
Security Bulletin: Multiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System
Summary Multiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-34558 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the failure to properly...
Moderate: Red Hat Security Advisory: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]
The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update
Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities (CVE-2020-28851 and CVE-2020-28852)
Summary IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2020-28851 and CVE-2020-28852 with details of each below. Vulnerability Details CVEID: CVE-2020-28851 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID: CVE-2020-28362 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the math/big.Int methods. By sending a specially-crafted...
CVE-2020-28852
creationtimestamp | type | source
---|---|---
2021-01-02 12:33:55+00:00 | seen | https://t.me/cibsecurity/21510...
DEBIAN-CVE-2020-28852
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...