95 matches found
EUVD-2021-0896
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-16845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. CVE-2020-16845 Note...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2020-16845)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-16845 advisory. - Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint...
CVE-2020-16845 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2020-16845 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
RHEL 8 : Red Hat OpenShift Container Storage 4.6 update (Moderate) (RHSA-2020:5606)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5606 advisory. Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform...
RHEL 7 / 8 : OpenShift Virtualization 4.9.0 RPMs (RHSA-2021:4103)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4103 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...
Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5823)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5823 advisory. - Address CVE-2020-16845 - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 - Address CVE-2020-16845 ...
Ubuntu 16.04 ESM : Go vulnerability (USN-5725-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5725-2 advisory. USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding description block...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go vulnerability (USN-5725-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5725-1 advisory. Diederik Loerakker, Jonny Rhea, Ral Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker cou...
RHEL 7 / 8 : OpenShift Container Platform 4.7.13 (RHSA-2021:2122)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2122 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.9.0 RPMs security and bug fix update
Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...
CVE-2020-16845 affecting package golang 1.13.11-
CVE-2020-16845 affecting package golang 1.13.11-. An upgraded version of the package is available that resolves this issue...
SUSE: Security Advisory (SUSE-SU-2020:2562-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.7.13 packages and security update
Red Hat OpenShift Container Platform release 4.7.13 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of...
GHSA-25XM-HR59-7C27 github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size ...
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size ...
RHEL 8 : OpenShift Container Platform 4.7.9 (RHSA-2021:1366)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1366 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.9 packages and security update
Red Hat OpenShift Container Platform release 4.7.9 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.7.9. Red Hat Product Security has rated this update as having a security impact of...
Security Bulletin: GO is suspectible for denial of service on IBM Watson Machine Learning on CP4D
Summary GO is suspectible for denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-16845 DESCRIPTION: Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a...
CVE-2021-29482
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...