RHCOS 4 : Red Hat build of MicroShift 4.16.0 (RHSA-2024:0043)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0043 advisory. - kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin CVE-2024-3177 -...

CLEANSTART-2026-EC57959 protojson

Multiple security vulnerabilities affect the cluster-proportional-autoscaler package. The protojson. See references for individual vulnerability details...

CLEANSTART-2026-JT73156 protojson

Multiple security vulnerabilities affect the prometheus-node-exporter package. The protojson. See references for individual vulnerability details...

MiracleLinux 9 : podman-4.9.4-3.el9 (AXSA:2024-8089:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8089:04 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

MiracleLinux 9 : buildah-1.33.7-1.el9 (AXSA:2024-8134:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8134:04 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container,...

MiracleLinux 9 : skopeo-1.14.3-2.el9 (AXSA:2024-8078:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8078:02 advisory. golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON...

Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON

Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...

Moderate: Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.2.0 for RHEL 9

Run Once Duration Override Operator for Red Hat OpenShift 1.2.0 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

K000141024: GO vulnerability CVE-2024-24786

Security Advisory Description The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is se...

SUSE-SU-2024:3097-1 Security update for kubernetes1.28

This update for kubernetes1.28 fixes the following issues: Update kubernetes to version 1.28.13: - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf bsc1229867 - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. Th...

Important: docker

Issue Overview: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorizatio...

Medium: containerd

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Medium: containerd

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Moderate: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.6 security update

An update is now available for Red Hat OpenShift GitOps v1.11.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

GHSA-QC6V-5G5M-8CW2 ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http

Summary Applications using the zitadel-go v3 library next branch might be impacted by package vulnerabilities. The output of govulncheck suggests that only example code seems to be impacted, based on 1 of the 3 potential vulnerabilities. This vulnerability is located in the transitive dependency...