62 matches found
MiracleLinux 8 : container-tools:rhel8 (AXSA:2023-7318:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7318:02 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...
Linux Distros Unpatched Vulnerability : CVE-2023-24537
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer...
Oracle Linux 9 : skopeo (ELSA-2024-9098)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9098 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
RHEL 8 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2023-24537 affecting package golang for versions less than 1.21.6-1
CVE-2023-24537 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-24537 affecting package golang for versions less than 1.21.6-1
CVE-2023-24537 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
RHCOS 4 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. - golang: net/http, net/textproto: denial of service from excessive memory allocation CVE-2023-24534 - golang: net/http,...
CVE-2023-24537 affecting package msft-golang for versions less than 1.20.11-1
CVE-2023-24537 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is available...
Moderate: Red Hat Security Advisory: container-tools:rhel8 security and bug fix update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: container-tools:4.0 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...
Moderate: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handling of JavaScri...
Moderate: Red Hat Security Advisory: skopeo security update
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: podman security, bug fix, and enhancement update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...
ALSA-2023:6474 Moderate: podman security, bug fix, and enhancement update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Security Bulletin: Vulnerability in Golang Go affects IBM Cloud Pak System [CVE-2023-24538]
Summary Golang Go code execution vulnerability affects Cloud Pak System. Cloud Pak System has addressed this vulnerability CVE-2023-24538. In addition it includes CVE-2023-24537. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary...
Important: golang
Issue Overview: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the...
OESA-2023-1662 skopeo security update
A command line utility that performs various operations on container images and image repositories Security Fixes: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.CVE-2023-24537...