118 matches found
MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...
MiracleLinux 8 : osbuild-composer-101-2.el8_10.ML.1 (AXSA:2024-8868:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8868:03 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 encoding/gob: golang: Calling Decoder.Decode on a...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8888:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8888:01 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 8 : grafana-pcp-5.1.1-9.el8_10 (AXSA:2024-9021:07)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9021:07 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : grafana-9.2.10-19.el9_4 (AXSA:2024-8957:17)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8957:17 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the...
MiracleLinux 9 : podman-4.9.4-5.el9_4 (AXSA:2024-8550:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8550:06 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly...
MiracleLinux 8 : grafana-9.2.10-20.el8_10 (AXSA:2024-8935:16)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8935:16 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the...
MiracleLinux 9 : osbuild-composer-132-1.el9.ML.1, osbuild-141-1.el9.ML.1 (AXSA:2025-10326:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10326:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 go/build/constraint: golang: Calling Parse on a //...
TencentOS Server 3: grafana (TSSA-2024:0734)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0734 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: go-toolset:rhel8 (TSSA-2024:0769)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0769 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: grafana-pcp (TSSA-2024:0789)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0789 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Alibaba Cloud Linux 3 : 0231: grafana (ALINUX3-SA-2024:0231)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0231 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-47875: DOMPurify is a DOM-only,...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
Important: osbuild and osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
RHEL 9 : grafana-pcp (RHSA-2024:9551)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9551 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...
OESA-2025-1167 etcd security update
Security Fixes: A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang golang-fips/openssl denial of service vulnerability (CVE-2024-1394)
Summary: Potential Golang golang-fips/openssl denial of service vulnerability CVE-2024-1394 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-1394 DESCRIPTION:...
RHEL 7 : rhc-worker-script (RHSA-2024:10133)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10133 advisory. Remote Host Configuration rhc worker for executing scripts on hosts managed by Red Hat Insights. Security Fixes: net/http: Denial of servic...
Moderate: Red Hat Security Advisory: rhc-worker-script security update
An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
grafana security update
10.2.6-4 - Resolves RHEL-44874 10.2.6-3 - Resolves RHEL-35937 10.2.6-2 - Fixes patch 1002 for update to golang-fips - Remove unused code under apsl-1.1 and apsl-1.2 licenses - Resolves RHEL-33655 10.2.6-1 - Rebase to grafana 10.2.6 9.2.10-15 - Resolves RHEL-23468 - Allows for gid to be 0 - Allows...