The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0260 advisory.

    A highly-available key value store for shared configuration

    Security Fix(es):

    * net/http: limit growth of header canonicalization cache (CVE-2021-44716)

    * net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet     (CVE-2021-29923)

    * crypto/tls: certificate of wrong type is causing TLS client to panic     (CVE-2021-34558)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0237 advisory.

    A highly-available key value store for shared configuration

    Security Fix(es):

    * net/http: limit growth of header canonicalization cache (CVE-2021-44716)

    * net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet     (CVE-2021-29923)

    * crypto/tls: certificate of wrong type is causing TLS client to panic     (CVE-2021-34558)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1811 advisory.

    An infinite loop vulnerability was found in golang. If an application defines a custom token parser     initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker     could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing     the parsing application to endlessly loop, resulting in a Denial of Service (DoS). (CVE-2021-27918)

    archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon     attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any     filename. (CVE-2021-27919)

    A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the     net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing     injection of unexpected contents. The highest threat from this vulnerability is to integrity.
    (CVE-2021-33195)

    A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards     connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The     highest threat from this vulnerability is to integrity. (CVE-2021-33197)

    A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or     unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this     vulnerability is to system availability. (CVE-2021-33198)

    A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic     and as a consequence this could lead to ReverseProxy crash.  The highest threat from this vulnerability is     to Availability. (CVE-2021-36221)

    A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm     GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from     the arguments. The highest threat from this vulnerability is to integrity. (CVE-2021-38297)

    A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic     or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a     crafted ZIP file to a Go application using archive/zip to process that file could cause a denial of     service via memory exhaustion or panic. This particular flaw is an incomplete fix for a previous flaw.
    (CVE-2021-39293)

    An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the     debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can     cause golang to attempt to read outside of a slice (array) causing a panic when calling ImportedSymbols.
    An attacker can use this vulnerability to craft a file which causes an application using this library to     crash resulting in a denial of service. (CVE-2021-41771)

    A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where     Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP     archive containing completely invalid names or an empty filename argument. (CVE-2021-41772)

    There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader()     function. An attacker who submits specially crafted requests to applications linked with net/http's http2     functionality could cause excessive resource consumption that could lead to a denial of service or     otherwise impact to system performance and resources. (CVE-2021-44716)

    There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file     descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could     compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with     and using syscall.ForkExec(). (CVE-2021-44717)

    Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

    cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to     be version tags. This can lead to incorrect access control if an actor is supposed to be able to create     branches but not tags. (CVE-2022-23773)

    Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

    A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application     using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient     nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep     nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of     service. (CVE-2022-24921)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the grafana-9.0.9-1.el9 build changelog.

  - XSS (CVE-2021-23648)

  - Grafana is an open source data visualization platform. In affected versions unauthenticated and     authenticated users are able to view the snapshot with the lowest database key by accessing the literal     paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration     setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with     the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the     snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest     database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The     combination of deletion and viewing enables a complete walk through all snapshot data while resulting in     complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason     you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:
    /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.
    They have no normal function and can be disabled without side effects. (CVE-2021-39226)

  - directory traversal vulnerability for *.md files (CVE-2021-43813)

  - net/http: limit growth of header canonicalization cache (CVE-2021-44716)

  - net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

  - go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

  - Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)

  - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package     in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version     1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential     memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an     instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
    not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our     middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
    client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including     removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected     promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method     given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow     a limited set of methods. (CVE-2022-21698)

  - XSS vulnerability in data source handling (CVE-2022-21702)

  - CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)

  - IDOR vulnerability can lead to information disclosure (CVE-2022-21713)

  - encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

  - io/fs: stack exhaustion in Glob (CVE-2022-30630)

  - compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

  - path/filepath: stack exhaustion in Glob (CVE-2022-30632)

  - encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

  - encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

  - OAuth account takeover (CVE-2022-31107)

  - net/http/httputil: NewSingleHostReverseProxy (CVE-2022-32148)

  - Escalation from admin to server admin when auth proxy is used (rhbz#2125530) (CVE-2022-35957)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the podman-4.1.1-3.el9 build changelog.

  - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the     header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)

  - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or     unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-     descriptor exhaustion. (CVE-2021-44717)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-009 advisory.

    A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic     or potentially exhaust system memory when parsing malformed ZIP files. (CVE-2021-33196)

    There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader()     function. An attacker who submits specially crafted requests to applications linked with net/http's http2     functionality could cause excessive resource consumption that could lead to a denial of service or     otherwise impact to system performance and resources. (CVE-2021-44716)

    There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file     descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could     compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with     and using syscall.ForkExec(). (CVE-2021-44717)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of application-gateway-kubernetes-ingress / cf-cli / cri-o / csi-driver-lvm / golang / keda / moby-engine / node-problem-detector installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44716 advisory.

  - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the     header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
157097	RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2022:0260)	Nessus	Red Hat Local Security Checks	1/26/2022	11/7/2024	high
157054	RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2022:0237)	Nessus	Red Hat Local Security Checks	1/25/2022	11/7/2024	high
163229	Amazon Linux 2 : golang (ALAS-2022-1811)	Nessus	Amazon Linux Local Security Checks	7/15/2022	4/11/2025	critical
191236	CentOS 9 : grafana-9.0.9-1.el9	Nessus	CentOS Local Security Checks	2/29/2024	4/26/2024	high
191382	CentOS 9 : podman-4.1.1-3.el9	Nessus	CentOS Local Security Checks	2/29/2024	4/26/2024	medium
212473	Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-009)	Nessus	Amazon Linux Local Security Checks	12/11/2024	12/12/2024	medium
185991	CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / cf-cli / cri-o / csi-driver-lvm / golang / keda / moby-engine / node-problem-detector (CVE-2021-44716)	Nessus	MarinerOS Local Security Checks	11/19/2023	1/22/2026	high

Detections

Analytics

Plugins Search

high

high

critical

high

medium

medium

high