CVE-2023-44487 affecting package golang for versions less than 1.20.10

CVE-2023-44487 affecting package golang for versions less than 1.20.10. A patched version of the package is available...

CVE-2021-3716 affecting package nbdkit 1.20.7-5

CVE-2021-3716 affecting package nbdkit 1.20.7-5. This CVE either no longer is or was never applicable...

OESA-2024-1454 gstreamer1-plugins-base security update

GStreamer is a graphics library for built-in media processing components. BasePlug-ins is a the collections used to maintain the GStreamer plugin. Security Fixes: Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22....

CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1

CVE-2023-29409 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is available...

CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1

CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is available...

CVE-2023-29405 affecting package msft-golang for versions less than 1.20.7-1

CVE-2023-29405 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is available...

CVE-2023-39325 affecting package golang for versions less than 1.20.7-2

CVE-2023-39325 affecting package golang for versions less than 1.20.7-2. A patched version of the package is available...

CVE-2023-29405 affecting package golang for versions less than 1.20.7-1

CVE-2023-29405 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...

Allocation of Resources Without Limits or Throttling

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the crypto/tls process. An attacker can cause excessive CPU consumption by presenting...

AZL-34749 CVE-2023-29400 affecting package golang for versions less than 1.20.7-1

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

AZL-26615 CVE-2023-29400 affecting package golang for versions less than 1.20.7-1

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

AZL-52878 CVE-2023-24534 affecting package golang for versions less than 1.20.7-1

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

Security fix for the ALT Linux 9 package cri-o version 1.20.7-alt1

1.20.7-alt1 built March 25, 2022 Mikhail Gordeev in task 296972 March 21, 2022 Mikhail Gordeev - new version 1.20.0 - Fixes: CVE-2022-0811...