
44 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m. | 4 views

RHCOS 4 : OpenShift Container Platform 4.6.23 (RHSA-2021:0956)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0956 advisory.
- golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
- golang: ReadUvarint and...

7.5 CVSS | 5.8 AI score | 0.00711 EPSS
Exploits 0 | References 9
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-0896

Malware in sbrugna...

7.5 CVSS | 7.4 AI score | 0.00433 EPSS
Exploits 0 | References 11
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-2567

Malware in sbrugna...

7.5 CVSS | 6.8 AI score | 0.00147 EPSS
Exploits 0 | References 58
Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-29482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.
- xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format...

7.5 CVSS | 6.8 AI score | 0.00433 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2024/04/28 12:0 a.m. | 29 views

RHEL 7 / 8 : OpenShift Virtualization 4.9.0 RPMs (RHSA-2021:4103)

The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4103 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...

7.5 CVSS | 7.2 AI score | 0.00614 EPSS
Exploits 0 | References 12
IBM Security Bulletins
added 2023/05/15 12:7 p.m. | 32 views

Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.

Summary: A security vulnerability in GO affects IBM Cloud Automation Manager. Vulnerability Details: CVEID: CVE-2020-16845 DESCRIPTION: Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a specially-crafted...

7.5 CVSS | 7.5 AI score | 0.00147 EPSS
Exploits 0 | Affected Software 1
OSV
added 2022/07/01 8:11 p.m. | 30 views

GO-2021-0142 Unbounded read from invalid inputs in encoding/binary

ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs. Certain invalid inputs to ReadUvarint or ReadVarint can cause these functions to read an unlimited number of bytes from the ByteReader parameter before returning an error. This can lead to processing more input...

7.5 CVSS | 7.7 AI score | 0.00147 EPSS
Exploits 0 | References 4
RedHat Linux
added 2022/04/07 6:2 p.m. | 2 views

ulikunitz/xz: Infinite loop in readUvarint allows for denial of service

A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop, which could lead to denial of service (DoS)...

7.5 CVSS | 5.7 AI score | 0.00433 EPSS
Exploits 0 | References 4
OSV
added 2022/01/13 3:44 a.m. | 31 views

GO-2021-0225

Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from a network and depends on...

1.6 AI score
Exploits 0 | References 4
OSV
added 2021/12/16 7:16 p.m. | 33 views

GHSA-Q6GQ-997W-F55G Withdrawn Advisory: Infinite loop in xz

Withdrawn Advisory: This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time. Original Description: Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

7.5 CVSS | 6.9 AI score | 0.00147 EPSS
Exploits 0 | References 18
GitHub Security Blog
added 2021/05/25 6:39 p.m. | 48 views

github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)

Impact: xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provided malicious input. Patches: The problem has been fixed in release v0.5.8. Workarounds: Limit the size ...

7.5 CVSS | 7.6 AI score | 0.00433 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2021/05/25 6:39 p.m. | 28 views

GHSA-25XM-HR59-7C27 github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)

Impact: xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provided malicious input. Patches: The problem has been fixed in release v0.5.8. Workarounds: Limit the size ...

7.5 CVSS | 7.7 AI score | 0.00433 EPSS
Exploits 0 | References 5
OSV
added 2021/04/28 7:15 p.m. | 20 views

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

7.5 CVSS | 6.6 AI score
Exploits 0 | References 2
NVD
added 2021/04/28 7:15 p.m. | 18 views

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

7.5 CVSS | 0.00433 EPSS
Exploits 0 | References 2
Prion
added 2021/04/28 7:15 p.m. | 18 views

Format string

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

5 CVSS | 7.3 AI score | 0.00433 EPSS
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2021/04/28 6:15 p.m. | 38 views

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

7.5 CVSS | 6.9 AI score | 0.00433 EPSS
Exploits 0
Cvelist
added 2021/04/28 6:15 p.m. | 21 views

CVE-2021-29482 denial of service in github.com/ulikunitz/xz

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provided malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

7.5 CVSS | 7.8 AI score | 0.00433 EPSS
Exploits 0 | References 2
CNNVD
added 2021/04/28 12:0 a.m. | 1 views

xz security vulnerability

xz is a software application. It is used to support reading and writing xz compressed streams. A security vulnerability exists in versions prior to xz v0.5.8, which stems from the readUvarint function used to read the xz container format may not terminate the loop to provide malicious input...

7.5 CVSS | 7.2 AI score | 0.00433 EPSS
Exploits 0 | References 9
RedHat Linux
added 2021/04/13 11:35 p.m. | 101 views

Low: Red Hat Security Advisory: OpenShift Container Platform 4.5.37 security update

Red Hat OpenShift Container Platform release 4.5.37 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which give...

7.5 CVSS | 6.8 AI score | 0.00614 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2021/04/13 12:0 a.m. | 51 views

RHEL 7 / 8 : OpenShift Container Platform 4.5.37 (RHSA-2021:1016)

The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1016 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

7.5 CVSS | 7 AI score | 0.00614 EPSS
Exploits 0 | References 8