237 matches found
RHCOS 4 : OpenShift Container Platform 4.12.59 (RHSA-2024:3715)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3715 advisory. - golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invali...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8553:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8553:01 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang-protobuf:...
MiracleLinux 9 : buildah-1.33.7-1.el9 (AXSA:2024-8134:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8134:04 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container,...
Security Bulletin: IBM Storage Ceph is vulnerable to an Infinite Loop in Grafana (CVE-2024-24786)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. CVE-2024-24786 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.7)
The version of AOS installed on the remote host is prior to 7.0.1.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.7 advisory. - A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute...
TencentOS Server 3: container-tools (TSSA-2024:0328)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0328 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
RLSA-2024:4246 Moderate: container-tools security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON CVE-2024-24786 For mo...
RockyLinux 8 : container-tools (RLSA-2024:4246)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4246 advisory. golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON CVE-2024-24786...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.27 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Security Bulletin: Netcool Operations Insights 1.6.14 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.14 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: Requests is an HTTP library. Since Requests 2.3.0,...
Linux Distros Unpatched Vulnerability : CVE-2024-24786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Protocol Buffers protobuf-go
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Protocol Buffers protobuf-go. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop flaw in the protojson.Unmarshal function wh...
openSUSE Security Advisory (SUSE-SU-2024:3098-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2024:3342-1)
The remote host is missing an update for the...
CVE-2024-24786 affecting package kata-containers for versions less than 3.2.0.azl4-1
CVE-2024-24786 affecting package kata-containers for versions less than 3.2.0.azl4-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1
CVE-2024-24786 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1. An upgraded version of the package is available that resolves this issue...
Azure Linux 3.0 Security Update: azcopy / blobfuse2 / cert-manager / cf-cli (CVE-2024-24786)
The version of azcopy / blobfuse2 / cert-manager / cf-cli installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24786 advisory. - The protojson.Unmarshal function can enter an infinite loop when...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Protocol Buffers protobuf-go denial of service vulnerability [CVE-2024-24786]
Summary Potential denial of service vulnerability in Protocol Buffers protobuf-go CVE-2024-24786 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Protocol Buffers protobuf-go denial of service vulnerability (CVE-2024-24786)
Summary A potential denial of service vulnerability CVE-2024-24786 has been identified related to Protocol Buffers protobuf-go that affects IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24786...
CVE-2024-24786 affecting package moby-engine for versions less than 24.0.9-13
CVE-2024-24786 affecting package moby-engine for versions less than 24.0.9-13. A patched version of the package is available...