RHCOS 4 / 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. - dnspython: denial of service in stub resolver CVE-2023-29483 - golang: net/http/cookiejar: incorrect forwarding of sensitive...

MiracleLinux 8 : container-tools:4.0 (AXSA:2023-5976:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5976:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2025-1775)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization head...

K000152389: golang: net/http, x/net/http2 vulnerability CVE-2023-39325

Security Advisory Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allo...

Ongoing Social Engineering Campaign Refreshes Payloads

Executive Summary On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures TTPs that are consistent with an ongoing social engineering campaign being tracked by Rapid7. Rapid7 observed a meaningful shift in the tools used by th...

RHEL 8 : Red Hat OpenShift Data Foundation 4.10.0 RPM (RHSA-2022:1361)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1361 advisory. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Re...

Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

Important: golang

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

Havoc - Modern and malleable post-exploitation command and control framework

Havoc is a modern and malleablepost-exploitation command and control framework, created by @C5pider. Havoc is in an early state of release. Breaking changes may be made to APIs/core structures as the framework matures. Support Consider supporting C5pider on Patreon/Github Sponsors. Additional...

Excessive memory growth in net/http and golang.org/x/net/http2

...

AZL-33604 CVE-2021-44716 affecting package kube-vip-cloud-provider for versions less than 0.0.2-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...