84 matches found
RHCOS 4 : OpenShift Container Platform 4.13.0 (RHSA-2023:1329)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1329 advisory. - golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 - golang: crypto/tls: large...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2023-7318:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7318:02 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...
Security Bulletin: Vulnerability in go package in nginx-controller affects IBM Db2 Data Management Console
Summary go package in nginx-controller open source library is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the...
Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1
Summary Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2u1. The vulnerabilities have been addressed in Data Protect 7.2.2u1, which is included with IBM Storage Defender 2.0.14. Vulnerability Details CVEID:CVE-2023-26118...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to installation failure due to opm ( CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2015-3627, CVE-2023-25173, CVE-2023-25153, CVE-2022-23471, CVE-2023-24532 )
Summary Opm is used by IBM Cloud Pak for Data as part of the installation operator catalog. CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2015-3627, CVE-2023-25173, CVE-2023-25153, CVE-2022-23471, CVE-2023-24532. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerabl...
Linux Distros Unpatched Vulnerability : CVE-2022-41724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients,...
CVE-2022-41724 affecting package gcc 11.2.0-9
CVE-2022-41724 affecting package gcc 11.2.0-9. This CVE either no longer is or was never applicable...
CVE-2022-41724 affecting package golang 1.17.13-2
CVE-2022-41724 affecting package golang 1.17.13-2. No patch is available currently...
Oracle Linux 9 : containernetworking-plugins (ELSA-2024-9089)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-9089 advisory. - rebuild for CVE-2024-24791 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723...
Oracle Linux 9 : runc (ELSA-2024-9200)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-9200 advisory. - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - runc 1.1.5 resolve...
Oracle Linux 9 : buildah (ELSA-2024-9097)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9097 advisory. - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...
Oracle Linux 9 : skopeo (ELSA-2024-9098)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9098 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler ( CVE-2022-41724 CVE-2021-34558 )
Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-41724 CVE-2021-34558. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )
Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...
RHEL 8 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
RHEL 9 : OpenShift Container Platform 4.13.0 (RHSA-2023:1329)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1329 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...
RHEL 8 / 9 : OpenShift Container Platform 4.13.1 (RHSA-2023:3303)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3303 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
CVE-2022-41724 affecting package golang for versions less than 1.19.6-1
CVE-2022-41724 affecting package golang for versions less than 1.19.6-1. A patched version of the package is available...
CentOS 9 : containernetworking-plugins-1.3.0-2.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the containernetworking-plugins-1.3.0-2.el9 build changelog. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a...
CVE-2022-41724 affecting package golang for versions less than 1.21.6-1
CVE-2022-41724 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...