Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

RHEL 9 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 - Angle brackets are not...

Amazon Linux AMI : amazon-ssm-agent (ALAS-2024-1920)

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.2222.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1920 advisory. 2024-04-25: CVE-2023-49568 was added to this advisory. 2024-02-28: CVE-2023-39325 was added to this advisory...

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Design/Logic Flaw

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...