8 matches found
Azure Linux 3.0 Security Update: python-tensorboard (CVE-2021-33196)
The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-33196 advisory. - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2021-2375:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2375:01 advisory. golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader CVE-2021-27918 golang: net/http: panic in ReadRequest a...
EUVD-2021-19909
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-33196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive's header can cause a NewReader or OpenReader panic...
Linux Distros Unpatched Vulnerability : CVE-2022-30323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. CVE-2022-30323 Note that Nessus relies on the...
Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities
Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2021-33194 DESCRIPTION: golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop via crafted...
SUSE-SU-2021:0937-1 Security update for go1.16
This update for go1.16 fixes the following issues: - go1.16.2 released 2021-03-11 bsc1182345 - go1.16.1 released 2021-03-10 bsc1182345 - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader bsc1183333. - CVE-2021-27919: Fixed an issue where archive/zip:...
FreeBSD : go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open (72709326-81f7-11eb-950a-00155d646401)
The Go project reports: The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element. The Reader.Open API, new in Go 1.16, will panic...