35 matches found
EUVD-2023-1958
Malicious code in bioql PyPI...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.3 security update
Red Hat OpenShift Container Platform release 4.16.3 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 director Operator container images security update
Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 Train for RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 8 : openshift-gitops-kam (RHSA-2023:5407)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5407 advisory. OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool Security Fixes: goproxy: Denial of service DoS via unspecified vectors...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1313)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...
BIT-GOLANG-2023-45285 Command 'go get' may unexpectedly fallback to insecure git in cmd/go
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
RHCOS 4 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. - golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 - kube-apiserver: Bypassing policies imposed by the...
Code injection
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
CVE-2023-45285
CVE-2023-45285 : Golang Go could allow a remote attacker to obtain sensitive information when using go get to fetch a module with the ".git" suffix. The vulnerability arises because, if the module is not available via secure https or git+ssh, the fetch may fall back to the insecure git:// protoco...
CVE-2023-45285 Command 'go get' may unexpectedly fallback to insecure git in cmd/go
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
CVE-2023-45285
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update
Updated packages that include numerous enhancements and bug fixes are now available for Red Hat OpenShift Data Foundation 4.14.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
goproxy: Denial of service (DoS) via unspecified vectors.
A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk ""...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 security update
Red Hat OpenShift Container Platform release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: openshift-gitops-kam security update
An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
goproxy: Denial of service (DoS) via unspecified vectors.
A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk ""...
GO-2023-1941 Panic when handling invalid request in MITM mode in github.com/elazarl/goproxy
An invalid request can cause a panic when running in MITM mode...
CVE-2023-37788
A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk ""...
Denial Of Service (DoS)
github.com/elazarl/goproxy is vulnerable to Denial Of Service DoS. The vulnerability exists in the handleHttps function of https.go when the proxy is in MITM mode due to not properly validating the host URLs, which allows an attacker to cause an application crash when a HTTP request goes to HTTPS...
SUSE CVE-2023-37788
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service DoS via unspecified vectors...