125 matches found
MiracleLinux 8 : go-toolset:rhel8 delve-1.8.3-1.module+el8+1585+5d99e9d3, golang-1.18.9-1.module+el8+1585+5d99e9d3, go-toolset-1.18.9-1.module+el8+1585+5d99e9d3 (AXSA:2023-4877:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4877:01 advisory. golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...
MiracleLinux 8 : cockpit-composer-45-1.el8, osbuild-composer-75-1.el8.ML.1, osbuild-81-1.el8.ML.1, weldr-client-35.9-2.el8 (AXSA:2023-6087:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6087:04 advisory. golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...
MiracleLinux 9 : golang-github-cpuguy83-md2man-2.0.2-4.el9 (AXSA:2023-5357:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5357:01 advisory. golang: regexp/syntax: limit memory used by parsing regexps CVE-2022-41715 Tenable has extracted the preceding description block directly from the MiracleLin...
TencentOS Server 3: container-tools:rhel8 (TSSA-2024:0228)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0228 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: git-lfs (TSSA-2023:0145)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0145 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: cockpit-composer (TSSA-2023:0135)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0135 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: osbuild (TSSA-2023:0105)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0105 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0071: git-lfs (ALINUX3-SA-2023:0071)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0071 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2880: Requests forwarded by...
RLSA-2024:0121 Moderate: container-tools:4.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...
Medium: docker
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: docker
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: runc
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Amazon Linux 2 : containerd (ALASECS-2025-060)
The version of containerd installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-060 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read ...
Linux Distros Unpatched Vulnerability : CVE-2022-41715
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation ...
CVE-2022-41715 affecting package golang 1.17.13-2
CVE-2022-41715 affecting package golang 1.17.13-2. No patch is available currently...
openSUSE Security Advisory (SUSE-SU-2024:3288-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RLSA-2024:3254 Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: full container escape at build time CVE-2024-1753 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang...
RHEL 8 : runc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based containe...
RHEL 8 : container-tools:rhel8 (RHSA-2024:3254)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3254 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah:...
RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: urllib3:...