AZL-58469 CVE-2025-22870 affecting package packer for versions less than 1.9.5-9
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection...
CVE-2025-22869 affecting package packer for versions less than 1.9.5-10
CVE-2025-22869 affecting package packer for versions less than 1.9.5-10. A patched version of the package is available...
CVE-2025-22868 affecting package packer for versions less than 1.9.5-10
CVE-2025-22868 affecting package packer for versions less than 1.9.5-10. A patched version of the package is available...
CVE-2025-27144 affecting package packer for versions less than 1.9.5-9
CVE-2025-27144 affecting package packer for versions less than 1.9.5-9. A patched version of the package is available...
AZL-57422 CVE-2025-22868 affecting package packer for versions less than 1.9.5-10
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
AZL-57458 CVE-2025-22869 affecting package packer for versions less than 1.9.5-10
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57393 CVE-2025-22869 affecting package packer for versions less than 1.9.5-6
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57339 CVE-2025-22868 affecting package packer for versions less than 1.9.5-6
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
CVE-2024-28180 affecting package packer for versions less than 1.9.5-8
CVE-2024-28180 affecting package packer for versions less than 1.9.5-8. A patched version of the package is available...
Azure Linux 3.0 Security Update: etcd / packer (CVE-2022-3064)
The version of etcd / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3064 advisory. - Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. CVE-2022-306...
Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)
The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...
Azure Linux 3.0 Security Update: packer (CVE-2025-21614)
The version of packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21614 advisory. - go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS)...
Azure Linux 3.0 Security Update: packer (CVE-2023-49569)
The version of packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49569 advisory. - A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows a...
Azure Linux 3.0 Security Update: packer (CVE-2023-49568)
The version of packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49568 advisory. - A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability...
Azure Linux 3.0 Security Update: packer (CVE-2025-21613)
The version of packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21613 advisory. - go-git is a highly extensible git implementation library written in pure Go. An argument injection...
Azure Linux 3.0 Security Update: cert-manager / influxdb / keda / libcontainers-common / packer (CVE-2024-6104)
The version of cert-manager / influxdb / keda / libcontainers-common / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6104 advisory. - go-retryablehttp prior to 0.7.7 did not sanitize urls...
CBL Mariner 2.0 Security Update: packer / terraform (CVE-2023-0475)
The version of packer / terraform installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0475 advisory. - HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 an...
CVE-2025-21613 affecting package packer for versions less than 1.9.5-5
CVE-2025-21613 affecting package packer for versions less than 1.9.5-5. A patched version of the package is available...
CVE-2025-21614 affecting package packer for versions less than 1.9.5-5
CVE-2025-21614 affecting package packer for versions less than 1.9.5-5. A patched version of the package is available...