CLSA-2026-1778109988 toolbox: Fix of 9 CVEs

Rebuild with golang = 1.22.5 to fix CVE-2022-1705, CVE-2022-41717, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-45290, CVE-2024-24785, CVE-2024-24791...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2023-7318:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7318:02 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper...

MiracleLinux 8 : container-tools:4.0 (AXSA:2023-7321:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7321:01 advisory. golang: net/http: insufficient sanitization of Host header CVE-2023-29406 Tenable has extracted the preceding description block directly from the MiracleLinu...

Linux Distros Unpatched Vulnerability : CVE-2023-29406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests...

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...

openSUSE Security Advisory (SUSE-SU-2024:3656-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : etcd (SUSE-SU-2024:3656-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3656-1 advisory. Update to version 3.5.12: Security fixes: - CVE-2018-16873: Fixed remote command execution in cmd/go bsc1118897 - CVE-2018-16874: Fixed directory...

Photon OS 4.0: Go PHSA-2023-4.0-0484

An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0484. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid204352...

Photon OS 5.0: Go PHSA-2023-5.0-0066

An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0066. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid204492...

RHEL 9 : butane (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - Uncontrolled recursio...

OESA-2024-1643 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1...

OESA-2024-1584 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1...

RHEL 8 / 9 : OpenShift Container Platform 4.14.10 (RHSA-2024:0293)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0293 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...

openSUSE: Security Advisory for go1.19 (SUSE-SU-2023:3841-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-29406 affecting package golang for versions less than 1.21.6-1

CVE-2023-29406 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

CVE-2023-29406 affecting package golang for versions less than 1.21.6-1

CVE-2023-29406 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.10 packages and security update

Red Hat OpenShift Container Platform release 4.14.10 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF028 and 23.0.1-IF006. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3006)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...