121 matches found
RHCOS 4 : OpenShift Container Platform 4.10.5 (RHSA-2022:0927)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0927 advisory. - golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 - golang: syscall: don't close fd 0 on ForkExec err...
Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9
Summary Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header...
MiracleLinux 8 : grafana-7.5.9-5.el8 (AXSA:2022-2889:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-2889:01 advisory. golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 Tenable has extracted the preceding description block directly from the...
EUVD-2024-44548
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-44716
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cf-cli / cri-o / csi-driver-lvm / golang / keda / moby-engine / node-problem-detector (CVE-2021-44716)
The version of application-gateway-kubernetes-ingress / cf-cli / cri-o / csi-driver-lvm / golang / keda / moby-engine / node-problem-detector installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44716...
CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.8.2-1
CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.8.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-44716 affecting package multus for versions less than 4.0.2-1
CVE-2021-44716 affecting package multus for versions less than 4.0.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...
CVE-2024-4437
CVE-2024-4437 concerns the etcd package in the Red Hat OpenStack Platform with an incomplete fix for CVE-2021-44716. The root cause, as stated, is that the etcd package uses http://golang.org/x/net/http2 instead of the Red Hat Enterprise Linux-provided version, requiring a compile-time update rat...
CVE-2024-4437
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...
CVE-2021-44716 affecting package cri-o for versions less than 1.21.7-2
CVE-2021-44716 affecting package cri-o for versions less than 1.21.7-2. A patched version of the package is available...
RHEL 7 / 8 : OpenShift Virtualization 4.12.0 RPMs (RHSA-2023:0407)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0407 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...
RHEL 8 : Release of OpenShift Serverless Client kn 1.21.0 (Moderate) (RHSA-2022:1056)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1056 advisory. Red Hat OpenShift Serverless Client kn 1.21.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.0. The kn CLI is delivered a...
CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.15-1
CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.15-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-44716 affecting package moby-engine for versions less than 25.0.3-1
CVE-2021-44716 affecting package moby-engine for versions less than 25.0.3-1. An upgraded version of the package is available that resolves this issue...
CentOS 9 : podman-4.1.1-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the podman-4.1.1-3.el9 build changelog. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via...
CVE-2021-44716 affecting package rook for versions less than 1.6.2-19
CVE-2021-44716 affecting package rook for versions less than 1.6.2-19. A patched version of the package is available...
CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.7.10-19
CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.7.10-19. A patched version of the package is available...