RHCOS 4 : OpenShift Container Platform 4.12.78 (RHSA-2025:10271)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10271 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

RHCOS 4 : OpenShift Container Platform 4.15.55 (RHSA-2025:11352)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:11352 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

RHCOS 4 : OpenShift Container Platform 4.17.35 (RHSA-2025:10295)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10295 advisory. - podman: podman missing TLS verification CVE-2025-6032 - net/http: Request smuggling due to acceptance of invalid chunked data in...

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007098 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1401)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1401 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

CLEANSTART-2026-IA37596 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the consul-k8s-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2025-9997:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9997:01 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block direct...

TencentOS Server 3: go-toolset:rhel8 (TSSA-2025:0457)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0457 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

RockyLinux 10 : opentelemetry-collector (RLSA-2025:16432)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:16432 advisory. net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 Tenable has extracted the preceding description block directly from t...

RockyLinux 10 : golang-github-openprinting-ipp-usb (RLSA-2025:9156)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9156 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly...

podman security update

An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

RockyLinux 9 : weldr-client (RLSA-2025:9635)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9635 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...

RockyLinux 10 : grafana-pcp (RLSA-2025:8915)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:8915 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly...

RockyLinux 9 : golang (RLSA-2025:8476)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:8476 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...

EUVD-2022-53387

Malicious code in bioql PyPI...

delve security update

An update is available for delve. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Delve is a debugger for the Go programming language. The goal of the project i...

podman security update

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

RLSA-2025:9151 Moderate: gvisor-tap-vsock security update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...

buildah security update

An update is available for buildah. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality [CVE-2025-22871]

Summary Golang package net/http is used by IBM App Connect Enterprise Certified Container operator and operands for http communication. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality. This bulletin provides patch information to addre...