61 matches found
RHCOS 4 : OpenShift Container Platform 4.10.25 (RHSA-2022:5729)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5729 advisory. - golang: cmd/go: misinterpretation of branch names can lead to incorrect access control CVE-2022-23773 - golang: crypto/elliptic:...
Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation
Summary Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5 Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This...
Linux Distros Unpatched Vulnerability : CVE-2022-23806
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2022-23806)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23806 advisory. - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can...
CBL Mariner 2.0 Security Update: golang (CVE-2022-23806)
The version of golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23806 advisory. - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true...
CVE-2022-23806 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2022-23806 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
Security Bulletin: Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerability ( CVE-2022-23806)
Summary Potential Golang Go denial of service vulnerability CVE-2022-23806 has been identified that may affect Watson CP4D Data Stores Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23806 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a...
Moderate: Red Hat Security Advisory: Service Telemetry Framework 1.5 security update
An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2023:0602-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0602-1 advisory. Updated to version 20230222.00 and bumped go API version to 1.18 to address the following bsc1208723: - CVE-2021-3829...
SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2023:0601-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0601-1 advisory. Updated to version 20230222.00 bsc1202100, bsc1202101 and bumped go API version to 1.18 to address the following bsc1208723: -...
SUSE SLES15 / openSUSE 15 Security Update : google-guest-agent (SUSE-SU-2023:0600-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0600-1 advisory. Updated to version 20230222.00 and bumped go API version to 1.18 to address the following bsc1208723: - CVE-2021-3829...
Medium: golang
Issue Overview: Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This...
Amazon Linux AMI : golang, golang-bin, golang-misc (ALAS-2023-1685)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1685 advisory. Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 cmd/go in Go before 1.16.14 and 1.17.x befo...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-23806
Summary The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands utilise Golang Go. The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID:CVE-2022-24921 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation. By using a specially-crafted deeply nested expression, a remote...
Important: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...
RHEL 7 / 8 : OpenShift Container Platform 4.10.25 (RHSA-2022:5729)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5729 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.28 packages and security update
Red Hat OpenShift Container Platform release 4.10.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.26 security update
Red Hat OpenShift Container Platform release 4.10.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...