37 matches found
EulerOS 2.0 SP5 : golang (EulerOS-SA-2024-1140)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3006)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-3299)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
Rocky Linux 8 : container-tools:4.0 (RLSA-2023:7202)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7202 advisory. - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests...
Oracle Linux 8 : container-tools:4.0 (ELSA-2023-7202)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7202 advisory. - rebuild for CVE-2023-29406 - rebuild for CVE-2023-29406 - rebuild because of CVE-2023-29406 Tenable has extracted the preceding description block directly fro...
RHEL 8 : container-tools:4.0 (RHSA-2023:7202)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7202 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http:...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3029)
The remote host is missing an update for the Huawei EulerOS...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2023-373)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-373 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2023-346)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-346 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2023-347)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-347 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to...
Amazon Linux 2023 : cni-plugins (ALAS2023-2023-338)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-338 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-312)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-312 advisory. On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or...
Amazon Linux 2023 : runc (ALAS2023-2023-311)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-311 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to...
Amazon Linux 2 : runc (ALASDOCKER-2023-028)
The version of runc installed on the remote host is prior to 1.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2023-028 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additiona...
Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2023-025)
The version of runc installed on the remote host is prior to 1.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-025 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...
Amazon Linux 2 : golist (ALAS-2023-2185)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2185 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional...
Amazon Linux 2 : golang (ALAS-2023-2186)
The version of golang installed on the remote host is prior to 1.20.6-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2186 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional...
Important: golang
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Important: cri-tools
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send...
FreeBSD : go -- multiple vulnerabilities (78f2e491-312d-11ee-85f2-bd89b893fcb4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 78f2e491-312d-11ee-85f2-bd89b893fcb4 advisory. - Angle brackets are not considered dangerous characters when inserted into CSS contexts...