EUVD-2022-32037
Malicious code in bioql PyPI...
Code injection
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic...
CVE-2022-27536
Removed by vendor...
CVE-2022-27536
CVE-2022-27536 affects Go 1.18.x before 1.18.1: Certificate.Verify in crypto/x509 may panic on macOS when presented with certain malformed certificates, allowing a remote TLS server to cause a TLS client to panic. Remediation: upgrade to Go 1.18.1 or newer (patched version).
CVE-2022-27536
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic...
RHEL 8 : Red Hat OpenStack Platform 16.2 (golang-github-vbatts-tar-split) (RHSA-2022:0998)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0998 advisory. Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923); crypto/tls:...
Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.
Summary Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC. Vulnerability Details CVEID: CVE-2021-34558 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the failure to properly assert that the type of public key in an...
CentOS 8 : grafana (CESA-2021:4226)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4226 advisory. - grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call CVE-2021-27358 - golang: crypto/elliptic:...
RHEL 7 / 8 : OpenShift Container Platform 4.8.4 (RHSA-2021:2984)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2984 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Google Golang Trust Management Issue Vulnerability
Google Golang is a statically strongly typed, compiled language from Google, U.S. A trust management issue vulnerability exists in Google Golang, which can be exploited by attackers to cause a TLS client panic...
CVE-2021-34558
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic...