57 matches found
Azure Linux 3.0 Security Update: python-tensorboard (CVE-2021-33196)
The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-33196 advisory. - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive...
EUVD-2021-25654
Malware in sbrugna...
RHEL 8 : Release of OpenShift Serverless Client kn 1.16.0 (Moderate) (RHSA-2021:2704)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2704 advisory. Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered a...
CVE-2021-33196 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2021-33196 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
RHEL 8 : Release of OpenShift Serverless Client kn 1.17.0 (Moderate) (RHSA-2021:3555)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3555 advisory. Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered a...
BIT-GOLANG-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:3076)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3076 advisory. - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the midd...
RHEL 7 / 8 : OpenShift Container Platform 4.9.0 (RHSA-2021:3758)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3758 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
PT-2022-10612 · Red Hat · Openshift Serverless
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0...
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Multiple 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause crashes and unrestricted file access, impacting the...
GO-2022-0273 Panic due to crafted inputs in archive/zip
The NewReader and OpenReader functions in archive/zip can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size. This is caused by an incomplete fix for CVE-2021-33196...
RHEL 8 : go-toolset:rhel8 (RHSA-2022:1819)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1819 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: Command-li...
golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: Command-line arguments may overwrite global data CVE-2021-38297 golang: archive/zip: malformed archive may cause panic or memory exhaustion incomplete fix of...
go-toolset:rhel8 security and bug fix update
An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and...
RLSA-2022:1819 Moderate: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: Command-line arguments may overwrite global data CVE-2021-38297 golang: archive/zip: malformed archive may cause panic or memory exhaustion incomplete fix of...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-33196)
Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2021-33196 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By persuading a victim to open a specially-crafted...
Vulnerabilities fixed in IBM Db, Db2 on OpenShift and Cloud Pak for Data
Several vulnerabilities have been fixed in IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data. These vulnerabilities allow an attacker to execute arbitrary code execute arbitrary code or cause a denial-of-service DoS. For the vulnerabilities with attributes CVE-2021-33196 an...
golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could...