MiracleLinux 8 : go-toolset:rhel8 (AXSA:2023-6204:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6204:02 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2023-7318:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7318:02 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...

AlmaLinux 8 : container-tools:4.0 (ALSA-2023:6938)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:6938 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handlin...

TencentOS Server 3: go-toolset (TSSA-2023:0115)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0115 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing multiple actions separated by a...

Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis. Vulnerabilities include denial of service, gain elevated privileges on the system, allow a remote attacker to execute...

Linux Distros Unpatched Vulnerability : CVE-2023-24540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set...

Oracle Linux 9 : containernetworking-plugins (ELSA-2024-9089)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-9089 advisory. - rebuild for CVE-2024-24791 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723...

Oracle Linux 9 : skopeo (ELSA-2024-9098)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9098 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...

Oracle Linux 9 : buildah (ELSA-2024-9097)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9097 advisory. - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...

Important: Red Hat Security Advisory: Updated rhceph-5.3 container image and security update

Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 8 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 7 / 8 : Red Hat OpenShift Enterprise (RHSA-2023:3910)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3910 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 8 / 9 : OpenShift Container Platform 4.12.21 (RHSA-2023:3545)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3545 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 8 / 9 : OpenShift Container Platform 4.12.20 (RHSA-2023:3409)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3409 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

RHEL 8 : Red Hat OpenShift Enterprise (RHSA-2023:3914)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3914 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVE-2023-24540 affecting package golang for versions less than 1.21.6-1

CVE-2023-24540 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

CVE-2023-24540 affecting package golang for versions less than 1.21.6-1

CVE-2023-24540 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

K000138679: Golang vulnerabilities CVE-2023-24540, CVE-2023-29400, and CVE-2023-29403

Security Advisory Description CVE-2023-24540 Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Go HTML injection vulnerability [CVE-2023-24540]

Summary Go HTML injection vulnerability CVEID: CVE-2023-24540 have been identified that affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Go is...