74 matches found
MiracleLinux 9 : containernetworking-plugins-1.4.0-5.el9_4 (AXSA:2024-8752:04)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8752:04 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 Tenable has extracted the preceding description block...
MiracleLinux 8 : git-lfs-3.4.1-2.el8 (AXSA:2024-8248:04)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8248:04 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...
MiracleLinux 9 : buildah-1.33.7-4.el9_4 (AXSA:2024-8769:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8769:07 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 Tenable has extracted the preceding description block...
K000152675: Golang crypto vulnerabilities CVE-2024-24783 and CVE-2025-22866
Security Advisory Description CVE-2024-24783 Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or...
Security Bulletin: IBM Storage Ceph contains vulnerabilities found in Golang (CVE-2024-24785 CVE-2024-24784 CVE-2024-24783 CVE-2024-24788 CVE-2024-24789 CVE-2024-24790 CVE-2024-6104 CVE-2024-24791 CVE-2024-34155 CVE-2024-34156)
Summary Golang is used by IBM Storage Ceph in Grafana and the Dashboard. CVE-2024-24785 CVE-2024-24784 CVE-2024-24783 CVE-2024-24788 CVE-2024-24789 CVE-2024-24790 CVE-2024-6104 CVE-2024-24791 CVE-2024-34155 CVE-2024-34156 This bulletin identifies the steps to take to address the vulnerability in...
TencentOS Server 3: git-lfs (TSSA-2024:0231)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0231 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2024-24783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy( CVE-2024-24783)
Summary Potential Golang Go denial of service vulnerabilitiy CVE-2024-24783 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24783 DESCRIPTION: Golang Go is...
openSUSE Security Advisory (SUSE-SU-2024:3755-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:3755-1 Security update for go1.21-openssl
This update for go1.21-openssl fixes the following issues: - CVE-2024-24791: Fixed denial of service due to improper 100-continue handling bsc1227314 - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973 - CVE-2024-24790: Fixed unexpected behavior from ...
ALSA-2024:6969 Moderate: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: crypto/x509: Verify panics on certificates with an unknown public key algorith...
openSUSE Security Advisory (SUSE-SU-2024:3089-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 9 : podman (ALSA-2024:6194)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6194 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 go-retryablehttp: url might write sensitive...
SUSE: Security Advisory (SUSE-SU-2024:3089-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: containernetworking-plugins security update
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Critical: Red Hat Security Advisory: The Red Hat OpenShift Builds 1.1.0 General Availability
Red Hat OpenShift Builds 1.1.0 Critical: Security fixes and ships the operator with a RHEL9 base. The release of Red Hat OpenShift Builds 1.1.0 General Availability introduces the following change: - The Builds Operator has been migrated to a RHEL 9 base. - The CSI driver is now integrated and...
Moderate: Red Hat Security Advisory: gvisor-tap-vsock security update
An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
runc security update
4:1.1.12-4 - rebuild for CVE-2024-24783 - Resolves: RHEL-28439...
gvisor-tap-vsock security update
6:0.7.3-5 - rebuild for CVE-2024-24783 - Resolves: RHEL-28435...
containernetworking-plugins security update
1:1.4.0-5 - rebuild for CVE-2024-24783 - Resolves: RHEL-28431...