Search for packages
| purl | pkg:rpm/redhat/rhc-worker-script@0.10-2?arch=el7_9 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d97y-w562-fkab
Aliases: CVE-2024-9355 GHSA-3h3x-2hwv-hr52 |
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. | There are no reported fixed by versions. |
|
VCID-p1bh-b1qf-ufg6
Aliases: CVE-2024-24791 |
net/http: Denial of service due to improper 100-continue handling in net/http | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:46:31.202539+00:00 | RedHat Importer | Affected by | VCID-p1bh-b1qf-ufg6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24791.json | 38.0.0 |
| 2026-04-01T13:44:58.826377+00:00 | RedHat Importer | Affected by | VCID-d97y-w562-fkab | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9355.json | 38.0.0 |