50 matches found
Azure Linux 3.0 Security Update: packer (CVE-2023-49569)
The version of packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49569 advisory. - A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows a...
Azure Linux 3.0 Security Update: cert-manager / influxdb / keda / libcontainers-common / packer (CVE-2024-6104)
The version of cert-manager / influxdb / keda / libcontainers-common / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6104 advisory. - go-retryablehttp prior to 0.7.7 did not sanitize urls...
Azure Linux 3.0 Security Update: packer (CVE-2025-21614)
The version of packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21614 advisory. - go-git is a highly extensible git implementation library written in pure Go. A denial of service DoS...
Azure Linux 3.0 Security Update: packer (CVE-2023-49568)
The version of packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49568 advisory. - A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability...
CVE-2025-21614 affecting package packer for versions less than 1.9.5-5
CVE-2025-21614 affecting package packer for versions less than 1.9.5-5. A patched version of the package is available...
CBL Mariner 2.0 Security Update: packer (CVE-2025-21613)
The version of packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21613 advisory. - go-git is a highly extensible git implementation library written in pure Go. An argument injection...
CBL Mariner 2.0 Security Update: packer (CVE-2025-21614)
The version of packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21614 advisory. - go-git is a highly extensible git implementation library written in pure Go. A denial of service DoS...
AZL-55094 CVE-2025-21613 affecting package packer for versions less than 1.9.5-7
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
AZL-54330 CVE-2024-45337 affecting package packer for versions less than 1.9.5-4
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
AZL-54290 CVE-2024-45337 affecting package packer for versions less than 1.9.5-5
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
CVE-2024-24786 affecting package packer for versions less than 1.9.5-3
CVE-2024-24786 affecting package packer for versions less than 1.9.5-3. A patched version of the package is available...
AZL-52233 CVE-2024-51744 affecting package packer for versions less than 1.9.5-12
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
CVE-2025-21614 affecting package packer for versions less than 1.9.5-7
CVE-2025-21614 affecting package packer for versions less than 1.9.5-7. An upgraded version of the package is available that resolves this issue...
CVE-2024-45338 affecting package packer for versions less than 1.9.5-6
CVE-2024-45338 affecting package packer for versions less than 1.9.5-6. A patched version of the package is available...
CVE-2024-24786 affecting package packer for versions less than 1.9.5-4
CVE-2024-24786 affecting package packer for versions less than 1.9.5-4. A patched version of the package is available...
CVE-2025-11065 affecting package packer for versions less than 1.9.5-18
CVE-2025-11065 affecting package packer for versions less than 1.9.5-18. A patched version of the package is available...
CVE-2025-47911 affecting package packer for versions less than 1.9.5-18
CVE-2025-47911 affecting package packer for versions less than 1.9.5-18. A patched version of the package is available...
AZL-42943 CVE-2024-6104 affecting package packer for versions less than 1.9.5-2
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
UPX 安全漏洞
UPX is a free, secure, portable, scalable, high-performance executable shelling program for multiple executable formats. A security vulnerability exists in UPX version 4.2.2 and prior versions that stems from the presence of a heap-based buffer overflow issue...
AZL-35901 CVE-2024-28180 affecting package packer for versions less than 1.9.5-6
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...