openshift: OCP & FIPS mode

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

CVE-2023-30581

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

Design/Logic Flaw

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

CVE-2023-3089

CVE-2023-3089 affects Red Hat OpenShift Container Platform; in OpenShift 4.13.x, the advisory RHSA-2023:4093 notes the fix for OCP in FIPS mode, stating that the CVE-3089 issue (in which not all cryptographic modules in use were FIPS-validated) is addressed by upgrading to OpenShift 4.13.5 and ap...

CVE-2023-3089 Ocp & fips mode

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

CVE-2023-3089 Ocp & fips mode

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not be...

Rockwell Automation ControlLogix Communications Modules Multiple Vulnerabilities

Binary data rockwellautomationcontrollogix1756.nbin...

OESA-2023-1386 golang security update

The Go Programming Language. Security Fixes: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline character...

USN-6112-1: Perl vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to...

golang: cmd/go: go command may generate unexpected code at build time when using cgo

A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...

golang: cmd/go: go command may execute arbitrary code at build time when using cgo

A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...

golang: cmd/go: go command may generate unexpected code at build time when using cgo

A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...

golang: cmd/go: go command may generate unexpected code at build time when using cgo

A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...

PT-2023-3413 · Mitsubishi · Melsec Iq-F Series

Name of the Vulnerable Software and Affected Versions: MELSEC iQ-F Series versions FX3U, FX3UC, FX3G, FX3GC-32MT, FX3GE, FX3GA, FX3S, and FX3SA Description: The issue is related to an authentication bypass vulnerability using a capture-replay attack on intercepted parameters. This could allow a...

Schneider Electric Modicon Improper Check for Unusual or Exceptional Conditions (CVE-2020-7539)

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause a denial of service...

Schneider Electric Modicon Credentials Management Errors (CVE-2020-7533)

A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules see security notification for version information which could cause the execution of commands on the webserver without...