go-git: Maliciously crafted Git server replies can cause DoS on go-git clients

A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...

go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...

RHEL 9 : grafana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grafana: session control failure may lead to information disclosure CVE-2022-32275 - protobufjs: prototyp...

RHEL 8 : grafana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grafana: session control failure may lead to information disclosure CVE-2022-32275 - protobufjs: prototyp...

CVE-2024-35183

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

RHEL 8 : go-git (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - go-git: Maliciously crafted Git server replies can cause DoS on go-git clients CVE-2023-49568 Note that Nessus has...

RHEL 9 : go-git (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients...

go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...

RHEL 8 / 9 : Red Hat Ceph Storage 6.1 (RHSA-2024:2631)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2631 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with...

Important: Red Hat Security Advisory: ACS 4.4 enhancement and security update

Important: Updated images are now available for Red Hat Advanced Cluster Security. Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. This release includes the following features and updates: New Compliance capabilities...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git

Summary go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2017-11468 DESCRIPTION: Docker...

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift Builds 1.0.1

An update is now available for Red Hat OpenShift Builds 1.0. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

Critical: Red Hat Security Advisory: ACS 4.3 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Go-git with Instana Agent container image

Summary Vulnerabilities in Go-git were remediated in IBM Observability with Instana with Instana Agent container image build 265. CVE-2023-49569 & CVE-2023-49568 Vulnerability Details CVEID:CVE-2023-49569 DESCRIPTION: go-git could allow a remote attacker to traverse directories on the system. By...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-git , Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 packages and cryptographic algorithms

Summary go-git , Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTIO...

Critical: Red Hat Security Advisory: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updates

Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which giv...

go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...

go-git: Maliciously crafted Git server replies can cause DoS on go-git clients

A denial of service DoS vulnerability was found in the go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...

Critical: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.31.1 security update

Red Hat OpenShift Serverless 1.31.1 is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...