105 matches found
UBUNTU-CVE-2026-46595
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...
Security update for google-guest-agent (important)
openSUSE security update: security update for google-guest-agent. Announcement ID: openSUSE-SU-2026:20609-1 Rating: important References: bsc1234563 bsc1236533 bsc1239763 bsc1239866 bsc1243254 bsc1243505 Cross-References: CVE-2023-45288...
OPENSUSE-SU-2026:20609-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Update to version 20250506.01 bsc1243254, bsc1243505. Security issues fixed: - CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to authorization bypass in applications bsc1234563....
SUSE-SU-2026:0592-1 Security update for vexctl
This update for vexctl fixes the following issues: - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 - CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in...
TencentOS Server 4: cri-o (TSSA-2025:0393)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0393 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: buildah (TSSA-2025:0378)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0378 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.59 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Ubuntu: Security Advisory (USN-7839-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-7839-1)
The remote host is missing an update for the...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.50 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.41 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.41 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2024-45337 and CVE-2025-22869
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2024-45337 and CVE-2025-22869 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.58 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
SUSE SLES15 / openSUSE 15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (SUSE-SU-2025:03278-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03278-1 advisory. This update for kubevirt updates golang.org/x/net to 0.38.0, fixing security issues CVE-2025-22872, CVE-2024-45337,...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and...
Security Bulletin: IBM Storage Ceph is vulnerable to Authorization Bypass in Grafana (CVE-2024-45337)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-45337 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...
K000152659: Golang vulnerabilities CVE-2024-45336, CVE-2024-45337, CVE-2024-45338, and CVE-2024-45339
Security Advisory Description CVE-2024-45336 The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client...
Security Bulletin: Security vulnerabilities have been addressed in IBM Verify Identity Access OIDC Provider (CVE-2024-45337, CVE-2025-22869)
Summary Multiple security vulnerabilities have been addressed in IBM Verify Identity Access OIDC Provider. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to authorization bypass due to golang/crypto (CVE-2024-45337)
Summary Potential vulnerabilities in golang/crypto module CVE-2024-45337 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via callback field...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 1.1.0 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an...