Lucene search
K

57 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : podman-4.9.4-5.el9_4 (AXSA:2024-8550:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8550:06 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly...

7.5CVSS5.7AI score0.01533EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

8.3CVSS7.8AI score0.01533EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : osbuild-composer-101-2.el8_10.ML.1 (AXSA:2024-8868:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8868:03 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 encoding/gob: golang: Calling Decoder.Decode on a...

7.5CVSS7.8AI score0.01533EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : osbuild-composer-132-1.el9.ML.1, osbuild-141-1.el9.ML.1 (AXSA:2025-10326:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10326:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 go/build/constraint: golang: Calling Parse on a //...

7.5CVSS7.9AI score0.01533EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.6 views

TencentOS Server 3: grafana (TSSA-2024:0734)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0734 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

10CVSS7.6AI score0.01093EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.7 views

TencentOS Server 3: go-toolset:rhel8 (TSSA-2024:0769)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0769 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

6.5CVSS7.1AI score0.00298EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.8 views

TencentOS Server 3: grafana-pcp (TSSA-2024:0789)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0789 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

6.5CVSS7.1AI score0.00298EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.11 views

Alibaba Cloud Linux 3 : 0231: grafana (ALINUX3-SA-2024:0231)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0231 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-47875: DOMPurify is a DOM-only,...

10CVSS7.6AI score0.01093EPSS
Exploits2References3
OSV
OSV
added 2025/02/21 1:37 p.m.7 views

OESA-2025-1167 etcd security update

%expand: Security Fixes: A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes...

6.5CVSS6.8AI score0.00298EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.15 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang golang-fips/openssl denial of service vulnerabilitiy( CVE-2024-1394 )

Summary Potential Golang golang-fips/openssl denial of service vulnerabilitiy CVE-2024-1394 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-1394 DESCRIPTION:...

7.5CVSS7.8AI score0.01533EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/05 3:58 a.m.7 views

golang-fips: Golang FIPS zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/10/01 9:31 p.m.25 views

Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS6.8AI score0.00298EPSS
Exploits0References18Affected Software1
NVD
NVD
added 2024/10/01 7:15 p.m.18 views

CVE-2024-9355

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS0.00298EPSS
Exploits0References14
Cvelist
Cvelist
added 2024/10/01 6:17 p.m.31 views

CVE-2024-9355 Golang-fips: golang fips zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS0.00298EPSS
Exploits0References14
CVE
CVE
added 2024/10/01 6:17 p.m.180 views

CVE-2024-9355

CVE-2024-9355 is reported in the provided CVE entry as affecting Golang FIPS OpenSSL used in MiracleLinux advisories. The connected Nessus entries (MIRACLE_LINUX_AXSA-2024-8888.NASL, MIRACLE_LINUX_AXSA-2024-9021.NASL, MIRACLE_LINUX_AXSA-2024-8957.NASL, MIRACLE_LINUX_AXSA-2024-8885.NASL, and other...

6.5CVSS6.5AI score0.00298EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2024/10/01 6:17 p.m.22 views

CVE-2024-9355 Golang-fips: golang fips zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS6.9AI score0.00298EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2024/09/30 9:8 p.m.24 views

CVE-2024-9355

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS6.3AI score0.00298EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2024/09/30 2:30 p.m.18 views

osbuild-composer security update

An update is available for osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...

7.5CVSS7.8AI score0.01533EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/09/30 12:0 a.m.20 views

Rocky Linux 8 : osbuild-composer (RLSA-2024:7262)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:7262 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 encoding/gob: golang: Calling Decoder.Decode on a message...

7.5CVSS7.8AI score0.01533EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.13 views

PT-2024-39589

Name of the Vulnerable Software and Affected Versions Golang FIPS OpenSSL affected versions not specified Description A flaw in Golang FIPS OpenSSL allows a malicious user to cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. This may also lead to a...

7.6CVSS6.9AI score0.00298EPSS
Exploits0References173
Rows per page
Query Builder