11 matches found
AlmaLinux 10 : buildah (ALSA-2026:29195)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:29195 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...
RockyLinux 10 : podman (RLSA-2026:24470)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24470 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...
ALSA-2026:23102 Important: delve security update
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
Important: Red Hat Security Advisory: gvisor-tap-vsock security update
An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
MiracleLinux 9 : runc-1.1.9-1.el9 (AXSA:2023-6674:03)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6674:03 advisory. golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 runc: Rootless runc makes /sys/fs/cgroup writable CVE-2023-25809 runc:...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2023-6201:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6201:01 advisory. golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 golang: net/http, mime/multipart: denial of service from excessive...
MiracleLinux 9 : git-lfs-3.6.1-1.el9 (AXSA:2025-10212:04)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10212:04 advisory. golang: crypto/tls: panic when processing post-handshake message on QUIC connections CVE-2023-39321 golang: crypto/tls: lack of a limit on buffered...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
Fedora 29 : 1:openssl (2019-d51641f152)
Minor update release 1.1.1d with low impact security fixes. ---- Fix for TLS non-compliance causing server interoperability problems with golang TLS client. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...