37 matches found
Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2021-3121, CVE-2021-38561, CVE-2023-43804)
Summary github.com/gogo/protobuf, golang.org/x/text, urllib3 are dependency packages used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP clien...
RHEL 8 : heketi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 -...
RHEL 9 : podman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: out-of-bounds read in golang.org/x/text/language leads to DoS CVE-2021-38561 Note that Nessus has not teste...
RHEL 8 : golang.org_x_text (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...
RHEL 7 / 8 / 9 : OpenShift Virtualization 4.13.0 RPMs (RHSA-2023:3204)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3204 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory...
Yapscan Denial of Service vulnerability in report server
Impact If you use the report server, it may be vulnerable to a Denial of Service attack. Patches Has been patched in v0.19.2. References The vulnerability was inherited by the following upstream vulnerabilites - golang.org/x/text v0.3.7 - golang.org/x/net 0.0.0-20220906165146-f3363e06e74c...
GHSA-PPP9-7JFF-5VJ2 golang.org/x/text/language Out-of-bounds Read vulnerability
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
CVE-2021-38561
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
CVE-2021-38561
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
Out-of-bounds Read
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
CVE-2021-38561
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
CVE-2021-38561
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
RHEL 9 : podman (RHSA-2022:7954)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7954 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...
Moderate: Red Hat Security Advisory: Openshift Logging 5.3.13 security and bug fix release
An update is now available for OpenShift Logging 5.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...
Moderate: git-lfs security and bug fix update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension...
RHEL 8 : git-lfs (RHSA-2022:7129)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7129 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
gitea -- multiple issues
The Gitea team reports: Sanitize and Escape refs in git backend Bump golang.org/x/text Update bluemonday...
CVE-2020-14040
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...
Moderate: Red Hat Security Advisory: Service Registry (container images) release and security update [1.1.1.GA]
An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...
GHSA-5RCV-M4M3-HFH7 golang.org/x/text Infinite loop
Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...