RHCOS 4 : OpenShift Container Platform 4.15.23 (RHSA-2024:4702)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4702 advisory. - gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization CVE-2024-37298 Note that Nessus has not tested for...

RHCOS 4 : OpenShift Container Platform 4.13.46 (RHSA-2024:4848)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4848 advisory. - gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization CVE-2024-37298 Note that Nessus has not tested for...

MiracleLinux 9 : podman-4.9.4-10.el9_4 (AXSA:2024-8754:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8754:08 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 go-retryablehttp: url might write sensitive...

EUVD-2024-2233

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-37298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running schema.Decoder.Decode on a struct that has a field of type struct... ope...

AlmaLinux 9 : podman (ALSA-2024:6194)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6194 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 go-retryablehttp: url might write sensitive...

gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization

A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm...

RHEL 9 : podman (RHSA-2024:6194)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6194 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...

ALSA-2024:6194 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm...

Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:5258)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5258 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization

A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...

gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization

A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2024:5258)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5258 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization

A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization

A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization

A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...