RHCOS 4 : OpenShift Container Platform 4.11.17 (RHSA-2022:8626)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8626 advisory. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - golang: net/http: handle server errors after...

MiracleLinux 8 : grafana-pcp-3.2.0-2.el8 (AXSA:2022-4370:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4370:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang:...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2022-3736:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3736:01 advisory. golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header...

Linux Distros Unpatched Vulnerability : CVE-2022-32148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a...

Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data

Summary Golang Go has multiple vulnerabilities that include HTTP request smuggling, remote attacks to obtain sensitive information, denial of service, and unspecified errors with return an incorrect results. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION:...

RHEL 8 : Red Hat Application Interconnect 1.0 Release (rpms) (Important) (RHSA-2022:6113)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6113 advisory. This release addresses several security issues in the underlying golang compiler by moving to golang version 1.17.12. Security Fixes:...

RHEL 7 / 8 : OpenShift Virtualization 4.12.0 RPMs (RHSA-2023:0407)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0407 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains...

RHEL 8 : Red Hat OpenStack Platform (etcd) (RHSA-2023:1275)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1275 advisory. etcd is a highly-available key value store for shared configuration. The following Important impact security fixes are applicable to Red Hat...

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

OESA-2024-1250 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP wi...

OESA-2024-1105 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map...

Rocky Linux 8 : grafana-pcp (RLSA-2022:7648)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7648 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

Rocky Linux 9 : grafana-pcp (RLSA-2022:8250)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8250 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

Security Bulletin: IBM Storage Ceph is vulnerable via Exposure of Sensitive Information to an Unauthorized Actork in Golang (CVE-2022-32148)

Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-32148 Vulnerability Details CVEID: CVE-2022-32148 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by improper exposure of client IP addresses in net/htt...

Moderate: Red Hat Security Advisory: OpenShift Jenkins image and Jenkins agent base image security update

Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE: Security Advisory (SUSE-SU-2023:2312-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...

RHEL 8 : container-tools:4.0 (RHSA-2023:2802)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2802 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang:...

Security Bulletin: Multiple Vulnerabilities in Multicloud Management Security Services

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Multicloud Management Security Services Vulnerability Details CVEID:CVE-2022-31512 DESCRIPTION: flask-mvc could allow a remote attacker to traverse directories on the system, caused by the Flask sendfile function being used unsafely...