Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.3

Red Hat OpenShift Service Mesh 3.3.3 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.3....

CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

Important: amazon-cloudwatch-agent

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

Design/Logic Flaw

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code executio...

Red Hat Enterprise Linux 资源管理错误漏洞

Red Hat Enterprise Linux is a Linux operating system for business users from Red Hat, Inc. A security vulnerability exists in Red Hat Enterprise Linux 7 that stems from the inclusion of an incorrect version of podman, which could cause Go applications using the Go GPGME wrapper library to crash o...

CVE-2020-8945

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...

UBUNTU-CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVE-2022-21698

CVE-2022-21698 affects the Prometheus Go client_golang promhttp instrumentation (prior to v1.11.1). The issue allows HTTP server DoS/memory exhaustion when processing non-standard HTTP methods via promhttp.InstrumentHandler* (except RequestsInFlight). A patch exists in v1.11.1; remediation is to ...

OPENSUSE-SU-2017:1650-1 Security update for go

This update for go fixes the following issues: - CVE-2017-8932: Add patch to fix carry bug in x86-64 P-256 implementation boo1040618 Please note that go applications will need to be rebuilt to get this fix, as all go applications are statically linked. As we are regulary releasing updates to our...

OPENSUSE-SU-2017:1649-1 Security update for go

This update for go fixes the following issues: - CVE-2017-8932: Add patch to fix carry bug in x86-64 P-256 implementation boo1040618 Please note that go applications will need to be rebuilt to get this fix, as all go applications are statically linked. As we are regulary releasing updates to our...