13 matches found
RHEL 9 : runc (RHSA-2026:25253)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:25253 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...
RLSA-2026:3839 Important: image-builder security update
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in query...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.52 packages and security update
Red Hat OpenShift Container Platform release 4.17.52 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Important: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang:...
ALPINE-CVE-2025-69419
Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...
MiracleLinux 8 : compat-openssl10-1.0.2o-4.el8 (AXSA:2022-3803:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3803:01 advisory. compat-openssl10: Infinite loop in BNmodsqrt reachable when parsing certificates CVE-2022-0778 CVEs: CVE-2022-0778 Tenable has extracted the preceding...
CVE-2022-26766
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation...
EUVD-2022-31316
Malicious code in bioql PyPI...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the parsing of X.509 certificates. An attacker can cause excessive CPU consumption and disrupt service by submitting a specially crafted malicious certificate. Remediation Upgrade...
CVE-2022-26766
CVE-2022-26766 is a certificate parsing issue addressed by Apple in updates for multiple OSes. The advisory states that a malicious app may bypass signature validation due to improved checks in certificate parsing. Affected and fixed versions include: tvOS 15.5; iOS 15.5 and iPadOS 15.5; watchOS ...
CVE-2022-26766
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation...
SUSE-SU-2022:14915-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877...
SUSE-SU-2022:0853-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877...