Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services before 4.6.20 shipped with IBM Cloud Pak for Business Automation iFixes for January 2026.

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation January 2026 security fixes update this dependency to 4.6.20 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...

Alibaba Cloud Linux 3 : 0128: go-toolset:an8 (ALINUX3-SA-2025:0128)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0128 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-45336: The HTTP client drops...

RockyLinux 8 : go-toolset:rhel8 (RLSA-2025:3772)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:3772 advisory. golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive headers...

K000152659: Golang vulnerabilities CVE-2024-45336, CVE-2024-45337, CVE-2024-45338, and CVE-2024-45339

Security Advisory Description CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a . com/ containing an Authorization header which is redirected to b . com/ will not send that header to b . com. In the event that the client...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1821)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1820)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1798)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1775)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1702)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1687)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 10 : rhc (RHSA-2025:9514)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9514 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security Fixes:...

Ubuntu: Security Advisory (USN-7574-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

TencentOS Server 3: go-toolset:rhel8 (TSSA-2025:0299)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0299 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive header drop in Golang/net/http [CVE-2024-45336]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive header drop in Golang/net/http, which can occour following a cross-domain redirect CVE-2024-45336. The Golang/net/http package is used as part of our speech utilities. This vulnerabilitiy has been addressed. Please read the...

Security Bulletin: Go net/http package is vulnerable to a denial of service,a remote attacker could exploit this vulnerability to cause a denial of service, affects watsonx.data

Summary Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending "Expect: 100-continue" requests, a remote attacker could exploit this vulnerability to cause a denial of service and this could affect watsonx.data. Vulnerability Details...

RHEL 10 : delve and golang (RHSA-2025:7466)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7466 advisory. Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go...

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024.

Summary IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024. . This bulletin contains information regarding the vulnerability and its fixture...

SUSE SLES15 Security Update : go1.23-openssl (SUSE-SU-2025:01731-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01731-1 advisory. Update to version 1.23.9 bsc1229122: Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after...

SUSE: Security Advisory (SUSE-SU-2025:1555-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-45336 affecting package golang for versions less than 1.23.7-1

CVE-2024-45336 affecting package golang for versions less than 1.23.7-1. A patched version of the package is available...