RHCOS 4 : OpenShift Container Platform 4.14.40 (RHSA-2024:8700)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8700 advisory. - buildah: Buildah allows arbitrary directory mount CVE-2024-9675 - Podman: Buildah: CRI-O: symlink traversal vulnerability in the...

RHCOS 4 : OpenShift Container Platform 4.15.37 (RHSA-2024:8428)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8428 advisory. - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 - Podman: Builda...

RHCOS 4 : OpenShift Container Platform 4.13.53 (RHSA-2024:8690)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8690 advisory. - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 - buildah: Build...

RHCOS 4 / 9 : OpenShift Container Platform 4.17.2 (RHSA-2024:8232)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8232 advisory. - github.com/jaraco/zipp: Denial of Service infinite loop via crafted zip file in jaraco/zipp CVE-2024-5569 - go/parser: golang:...

MiracleLinux 9 : grafana-10.2.6-7.el9 (AXSA:2024-9335:21)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9335:21 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...

MiracleLinux 9 : osbuild-composer-101-2.el9_4.ML.1 (AXSA:2024-8870:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8870:04 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

MiracleLinux 9 : grafana-pcp-5.1.1-3.el9_4 (AXSA:2024-8847:06)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8847:06 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

MiracleLinux 9 : buildah-1.33.9-1.el9_4 (AXSA:2024-8904:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8904:08 advisory. go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34155...

MiracleLinux 8 : osbuild-composer-101-2.el8_10.ML.1 (AXSA:2024-8868:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8868:03 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 encoding/gob: golang: Calling Decoder.Decode on a...

MiracleLinux 9 : osbuild-composer-118-2.el9.ML.1 (AXSA:2024-9376:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9376:05 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

MiracleLinux 9 : grafana-9.2.10-17.el9_4 (AXSA:2024-8844:13)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8844:13 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

MiracleLinux 9 : podman-5.2.2-9.el9 (AXSA:2024-9333:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9333:11 advisory. go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34155...

MiracleLinux 8 : container-tools:4.0 (AXSA:2023-5976:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5976:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions...

MiracleLinux 9 : podman-4.9.4-13.el9_4 (AXSA:2024-8900:09)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8900:09 advisory. go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34155...

MiracleLinux 9 : skopeo-1.14.5-2.el9_4 (AXSA:2024-8905:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8905:05 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

Malicious code in lobic-gob-gvi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7282623ec23949a30a134b6faae2b89be012967e8d39a72469b5850d63aa623 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lobic-gob-gvatfagi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5affaddf4649cc66ddfc7c28e170b50d4c8c7adf4967ababcb4dd4aa56ec670d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lobic-gob-gvatuagfagi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f493869c769f23ac07c56080dd6ae65fda964dc499a5e514f435595b8f59dd4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-183516 Malicious code in lobic-gob-gvatfagi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5affaddf4649cc66ddfc7c28e170b50d4c8c7adf4967ababcb4dd4aa56ec670d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lobic-gob-gusi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69be5d4d455a24a7e9579727f563321f9706fe33fdd4da661195e4fc887306db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...