RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go: encoding/xml: XML element instability CVE-2020-29511 - The x/text package before 0.3.3 for Go has a...

GHSA-5RCV-M4M3-HFH7 golang.org/x/text Infinite loop

Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

Moderate: Red Hat Security Advisory: Red Hat 3scale API Management 2.10.0 security update and release

A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.1.5 security and bug fix update

Red Hat Advanced Cluster Management for Kubernetes 2.1.5 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

RHEL 7 : podman (RHSA-2020:5056)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5056 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...

Moderate: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : container-tools:rhel8 (RHSA-2020:4694)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4694 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...

Amazon Linux AMI : golang (ALAS-2020-1436)

The version of golang installed on the remote host is prior to 1.13.15-1.59. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1436 advisory. The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder...

golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...

golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...

CVE-2020-14040

CVE-2020-14040 affects golang.org/x/text/encoding/unicode and golang.org/x/text/transform in the x/text package for Go, with a vulnerability in encoding/unicode that can cause the UTF-16 decoder to enter an infinite loop, potentially crashing or exhausting memory when a single byte is supplied to...