Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the OIDC token exchange process. An attacker can obtain tokens for unauthorized clients or reuse expired authorization codes by submitting a valid authorization code with a different client ID or by using an...

CLSA-2025-1763648873 runc: Fix of 6 CVEs

upgrade to runc 1.2.8 to fix multiple critical security vulnerabilities: - CVE-2024-21626: fix file descriptor leak vulnerability allowing container escape - CVE-2025-52565: fix container escape with malicious config due to /dev/console mount races - CVE-2025-31133: fix container escape and...

OESA-2024-2397 golang security update

. Security Fixes: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.CVE-2024-34155 Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.CVE-2024-341...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

UBUNTU-CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

SUSE-SU-2023:4974-1 Security update for distribution

This update for distribution fixes the following issues: distribution was updated to 2.8.3 bsc1216491: Pass BUILDTAGS argument to go build Enable Go build tags reference: replace deprecated function SplitHostname Dont parse errors as JSON unless Content-Type is set to JSON update to go 1.20.8 Set...

PT-2023-36301 · Unknown · Distribution

Name of the Vulnerable Software and Affected Versions: distribution versions prior to 2.8.3 Description: The issue is related to several problems in the distribution package, including the parsing of errors as JSON, the handling of HTTP request bodies, and the deprecation of certain functions and...

istio security update

istio 1.17.5-1 - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt 0.58.0-3 - Ensure that selinux build tags are set for all Go builds olcne 1.7.2-2 - Update kubevirt image versions fixing selinux=enforce not being supported 1.7.2-1 - Add Istio-1.17.5 and...