41 matches found
Security Bulletin: Vulnerability in go package in nginx-controller affects IBM Db2 Data Management Console
Summary go package in nginx-controller open source library is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the...
CBL Mariner 2.0 Security Update: golang (CVE-2023-24532)
The version of golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-24532 advisory. - The ScalarMult and ScalarBaseMult methods of the P256 Curve May return an incorrect result if called with so...
Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis. Vulnerabilities include denial of service, gain elevated privileges on the system, allow a remote attacker to execute...
Linux Distros Unpatched Vulnerability : CVE-2023-24532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than t...
CVE-2023-24532 affecting package golang for versions less than 1.20.2-1
CVE-2023-24532 affecting package golang for versions less than 1.20.2-1. A patched version of the package is available...
Security Bulletin: Vulnerability in Go affects watsonx.data
Summary TheScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go have an unspecified error that returns an incorrect result which has an unknown impact and attack vector. watsonx.data may be affected by this. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data
Summary Golang Go has multiple vulnerabilities that include HTTP request smuggling, remote attacks to obtain sensitive information, denial of service, and unspecified errors with return an incorrect results. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION:...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )
Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...
Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown impact and attack vector. CVSS Base...
CVE-2023-24532 affecting package golang for versions less than 1.20.2-1
CVE-2023-24532 affecting package golang for versions less than 1.20.2-1. A patched version of the package is available...
CVE-2023-24532 affecting package golang for versions less than 1.21.6-1
CVE-2023-24532 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24532 affecting package golang for versions less than 1.21.6-1
CVE-2023-24532 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
Oracle TimesTen 22.x < 22.1.1.7.0 Multiple Vulnerabilities (July 2023 CPU)
The version of Oracle TimesTen installed on the remote host is 22.x prior to 22.1.1.7.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory - Vulnerability in Oracle TimesTen In-Memory Database component: TimesTen IMDB Dell BSAFE Micro Edition Suite...
Important: Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.0.1 security update
An update for run-once-duration-override-container, run-once-duration-override-operator-bundle-container, and run-once-duration-override-operator-container is now available for RODOO-1.0-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Important: Red Hat Security Advisory: Service Telemetry Framework 1.5.2 security update
An update is now available for Service Telemetry Framework 1.5.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 security update
An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2.5. Red Hat Product Security has rated this update as having a security impact of Importan...
Important: golang
Issue Overview: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update
OpenShift API for Data Protection OADP 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update
The Migration Toolkit for Containers MTC 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.1.2 Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown...