The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9102 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * podman: Symlink error leads to information disclosure (CVE-2022-4122)

    * containers/image: digest type does not guarantee valid type (CVE-2024-3727)

    * golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)

    * net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4237 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)

    * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1970-1 advisory.

    go1.21.11 release (bsc#1212475).

    - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973).
    - CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (bsc#1225974).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5291 advisory.

    * golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)

    * golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)

    * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4212 advisory.

    The golang packages provide the Go programming language compiler.

    Security Fix(es):

    * golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)

    * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4212 advisory.

    - Update to Go 1.21.11 that fixes CVE-2024-24789 and CVE-2024-24790

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4237 advisory.

    * golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)
    * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4237 advisory.

    - Update to Go1.21.11 to address CVE-2024-24789 and CVE-2024-24790
    - Rebase to Go1.21.11 that includes fixes for CVE-2024-24789 and CVE-2024-24790

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0176 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2024-24789:
    The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most     zip implementations. This misalignment could be exploited to create an zip file with contents that vary     depending on the implementation reading the file. The archive/zip package now rejects files containing     these errors.

    CVE-2024-24790:
    The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6     addresses, returning false for addresses which would return true in their traditional IPv4 forms.

    CVE-2024-24791:
    The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an Expect:
    100-continue header with a non-informational (200 or higher) status. This mishandling could leave a     client connection in an invalid state, where the next request sent on the connection will fail. An     attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause     a denial of service by sending Expect: 100-continue requests which elicit a non-informational response     from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent     request using that connection to fail.

    CVE-2024-34155:
    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a     panic due to stack exhaustion.

    CVE-2024-34156:
    Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack     exhaustion. This is a follow-up to CVE-2022-30635.

    CVE-2024-34158:
    Calling Parse on a // +build build tag line with deeply nested expressions can cause a panic due to     stack exhaustion.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
210834	RHEL 9 : podman (RHSA-2024:9102)	Nessus	Red Hat Local Security Checks	11/12/2024	3/6/2025	medium
201290	RHEL 8 : go-toolset (RHSA-2024:4237)	Nessus	Red Hat Local Security Checks	7/2/2024	3/6/2025	critical
200296	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:1970-1)	Nessus	SuSE Local Security Checks	6/11/2024	6/19/2024	critical
235587	RockyLinux 8 : grafana (RLSA-2024:5291)	Nessus	Rocky Linux Local Security Checks	5/7/2025	5/7/2025	critical
210583	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22-openssl (SUSE-SU-2024:3938-1)	Nessus	SuSE Local Security Checks	11/8/2024	11/8/2024	critical
201232	RHEL 9 : golang (RHSA-2024:4212)	Nessus	Red Hat Local Security Checks	7/2/2024	3/6/2025	critical
201311	Oracle Linux 9 : golang (ELSA-2024-4212)	Nessus	Oracle Linux Local Security Checks	7/3/2024	9/21/2024	critical
201537	AlmaLinux 8 : go-toolset (ALSA-2024:4237)	Nessus	Alma Linux Local Security Checks	7/3/2024	1/13/2025	critical
201844	Oracle Linux 8 : go-toolset (ELSA-2024-4237)	Nessus	Oracle Linux Local Security Checks	7/3/2024	11/2/2024	critical
235951	Alibaba Cloud Linux 3 : 0176: go-toolset:rhel8 (ALINUX3-SA-2024:0176)	Nessus	Alibaba Cloud Linux Local Security Checks	5/14/2025	5/14/2025	critical

Detections

Analytics

Plugins Search

medium

critical

critical

critical

critical

critical

critical

critical

critical

critical