93 matches found
RHCOS 4 : OpenShift Container Platform 4.7.4 (RHSA-2021:0958)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0958 advisory. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 Note that Nessus has not tested for this issue but has inste...
ROS-20250226-17
A vulnerability in the crypto-elliptic component of the Golang programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2021-3114)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3114 advisory. - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate...
PT-2025-4738
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.6; Go versions prior to 1.22.12. Description: The issue concerns a security fix in the crypto/elliptic module. Due to the usage of a variable-time instruction in the assembly implementation of an internal function, a...
ROS-20241203-15
A Go programming language vulnerability is related to errors in handling whitespace characters in JavaScript contexts. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information...
CBL Mariner 2.0 Security Update: golang (CVE-2022-23806)
The version of golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23806 advisory. - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true...
RHEL 8 : faq (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic: IsOnCurve returns true for invalid field elements CVE-2022-23806 - Go before...
RHEL 8 : ior (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic: panic caused by oversized scalar CVE-2022-28327 Note that Nessus has not tested for this...
RHEL 8 : Release of OpenShift Serverless Client kn 1.14.1 (RHSA-2021:2095)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2095 advisory. Red Hat OpenShift Serverless Client kn 1.14.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.14.1. The kn CLI is delivered a...
RHEL 8 / 9 : Red Hat Service Interconnect 1.4 Release (RHSA-2023:4003)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4003 advisory. As a Kubernetes user, I cannot easily connect services from one cluster with services on another cluster. Red Hat Application...
RHEL 7 / 8 : OpenShift Virtualization 4.9.0 RPMs (RHSA-2021:4103)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4103 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...
RHEL 8 : Red Hat OpenShift Data Foundation 4.11.0 (RHSA-2022:6155)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6155 advisory. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Re...
RHEL 8 : Release of OpenShift Serverless Client kn 1.22.1 (Moderate) (RHSA-2022:4860)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4860 advisory. The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is deliver...
RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...
BIT-GOLANG-2022-28327
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input...
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5337)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5337 advisory. - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. CVE-2022-24675 - regexp.Compile ...
Moderate: Red Hat Security Advisory: Red Hat Service Interconnect 1.4 Release security update
This is release 1.4 of the rpms for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allo...
golang: crypto/elliptic: panic caused by oversized scalar
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scalar input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...
CVE-2023-26556
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
Information disclosure
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...