Linux Distros Unpatched Vulnerability : CVE-2023-39326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are i...

Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Oracle Linux 9 : containernetworking-plugins (ELSA-2024-2272)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2272 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540...

Oracle Linux 9 : podman (ELSA-2024-2193)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2193 advisory. - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...

Oracle Linux 8 : conmon (ELSA-2024-12190)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12190 advisory. - address CVE-2023-39326 cri-o - Resolve CVE-2023-39326 flannel-cni-plugin - Resolve CVE-2023-39326 helm - address CVE-2023-39326 istio - Updated Golang to...

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Important: runc

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Fedora 39 : golang (2024-193547def8)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-193547def8 advisory. Automatic update for golang-1.21.6-1.fc39. Changelog for golang Mon Jan 15 2024 Packit - 1.21.6-1 - packit 1.21.6 upstream release Tenable has...

Amazon Linux 2 : golang (ALAS-2024-2388)

The version of golang installed on the remote host is prior to 1.20.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2388 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many...