[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-7.fc36

This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...

[SECURITY] Fedora 36 Update: golang-github-appc-goaci-0.1.1-13.fc36

Goaci is a simple command-line tool to build Go projects into ACIs which conf orm to the app container specification...

[SECURITY] Fedora 36 Update: golang-github-appc-spec-0.8.11-15.fc36

This package contains schema definitions and tools for the App Container app c specification. These include technical details on how an appc image is downloaded over a network, cryptographically verified, and executed on a host. See SPEC.md for details of the specification itself...

Design/Logic Flaw

Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...

[SECURITY] Fedora 35 Update: pack-0.27.0-2.fc35

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

[SECURITY] Fedora 35 Update: golang-github-appc-spec-0.8.11-14.fc35

This package contains schema definitions and tools for the App Container app c specification. These include technical details on how an appc image is downloaded over a network, cryptographically verified, and executed on a host. See SPEC.md for details of the specification itself...

[SECURITY] Fedora 35 Update: golang-github-appc-goaci-0.1.1-12.fc35

Goaci is a simple command-line tool to build Go projects into ACIs which conf orm to the app container specification...

F5 Networks BIG-IP : OpenSSL vulnerability (K92451315)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K92451315 advisory. The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the...

Fedora: Security Advisory for runc (FEDORA-2022-ba365d3703)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: pack-0.27.0~rc1-4.fc36

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

[SECURITY] Fedora 36 Update: pack-0.27.0-1.fc36

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

Fedora: Security Advisory for golang-github-appc-spec (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-appc-goaci (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-appc-goaci-0.1.1-12.fc36

Goaci is a simple command-line tool to build Go projects into ACIs which conf orm to the app container specification...

[SECURITY] Fedora 36 Update: golang-github-appc-spec-0.8.11-14.fc36

This package contains schema definitions and tools for the App Container app c specification. These include technical details on how an appc image is downloaded over a network, cryptographically verified, and executed on a host. See SPEC.md for details of the specification itself...

Upgraded Q -> H from 104 [1656255316696]

Judge has assessed an item in Issue 104 as High risk. The relevant finding follows: L02: Incompatibility with ERC-4626 Line References Description The EIP-4626 specification requires that totalAssets to NOT revert, but the current implementation does so in the underlying methods: int256...

SUSE SLES12 Security Update : containerd (SUSE-SU-2022:2165-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2165-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior...

GHSA-P2G9-94WH-65C2 Space bug in `clean_text`

An incorrect mapping from HTML specification to ASCII codes was used. Because HTML treats the Form Feed as whitespace, code like this has an injection bug: let html = format!"", cleantextusersuppliedstring; Applications are not affected if they quote their attributes, or if they don't use cleante...

CVE-2022-31053

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

Authentication flaw

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid G-signatures. Such an attack would allow an attacker to create a token with any access level. The...