Astra Linux - уязвимость в golang-1.15

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...

EUVD-2021-22841

Malware in sbrugna...

RHEL 8 : heketi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty CVE-2021-33197 ...

RHEL 7 / 8 : OpenShift Virtualization 2.6.10 RPMs (RHSA-2022:1402)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1402 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...

RHEL 8 : Release of OpenShift Serverless Client kn 1.27.0 (Moderate) (RHSA-2023:0708)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0708 advisory. Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered a...

RHEL 7 / 8 : OpenShift Virtualization 4.12.0 RPMs (RHSA-2023:0407)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0407 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains...

RHEL 8 : Red Hat Application Interconnect 1.0 Release (rpms) (Important) (RHSA-2022:6113)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6113 advisory. This release addresses several security issues in the underlying golang compiler by moving to golang version 1.17.12. Security Fixes:...

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

CentOS 9 : grafana-pcp-3.2.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the grafana-pcp-3.2.0-2.el9 build changelog. - net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - io/fs: stack exhaustion in Glob CVE-2022-30630 -...

Moderate: Red Hat Security Advisory: container-tools:4.0 security update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

RHEL 8 : Image Builder (RHSA-2023:2780)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2780 advisory. Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood...

Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Moderate: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 8 : git-lfs (RHSA-2023:2866)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2866 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...

ALSA-2023:2758 Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...

RHEL 9 : Image Builder (RHSA-2023:2204)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2204 advisory. Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood...

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...

RHEL 7 : go-toolset-1.18 (RHSA-2023:0445)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0445 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/ta...