279 matches found
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1869)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
Security Bulletin: CVE-2022-41723 may affect IBM CICS TX Standard
Summary CVE CVE-2022-41723 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Relevant Go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-142)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-142 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...
SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0871-1 advisory. This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19...
Google Golang 安全漏洞
Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...
K58102101: BIG-IP ASM vulnerability CVE-2020-27718
Security Advisory Description When the BIG-IP ASM system processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2020-27718 Impact When this vulnerability is exploited, the BIG-IP ASM system may take longer than...
K88230177: BIG-IP ASM WebSocket vulnerability CVE-2021-22976
Security Advisory Description When the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2021-22976 Impact When this vulnerability is exploited, the BIG-IP ASM system may take...
GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...
FreeBSD : go -- multiple vulnerabilities (3d73e384-ad1f-11ed-983c-83fe35862e3a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3d73e384-ad1f-11ed-983c-83fe35862e3a advisory. - A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the...
SUSE-SU-2023:0402-1 Security update for python-setuptools
This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document bsc1206667...
MGASA-2023-0030 Updated python-future packages fix security vulnerability
Excessive CPU usage via a crafted Set-Cookie header CVE-2022-40899...
SUSE: Security Advisory (SUSE-SU-2023:0213-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:0213-1 Security update for python
This update for python fixes the following issues: - CVE-2022-45061: Fixed an excessive CPU usage when decoding crafted IDNA domain names bsc1205244. Non-security fixes: - Fixed the 2038 bug in the compileall module bsc1202666...
SUSE-SU-2023:0093-1 Security update for python-setuptools
This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document bsc1206667...
SUSE-SU-2023:0089-1 Security update for python-wheel
This update for python-wheel fixes the following issues: - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression bsc1206670...
SUSE-SU-2023:0078-1 Security update for python-future
This update for python-future fixes the following issues: - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header bsc1206673...
SUSE: Security Advisory (SUSE-SU-2023:0076-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
yaml package for Go can consume excessive amounts of CPU or memory
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
PT-2022-6568
Name of the Vulnerable Software and Affected Versions Python Charmers Future versions 0.18.2 and earlier Description The issue is related to improper input validation when handling the Set-Cookie header, allowing a remote attacker to send a specially crafted HTTP request and perform a denial of...
Nginx Plus R1 < R15-P2 / R16 < R16-P1 Multiple Vulnerabilities
According to it's self reported version, the installed version of Nginx Plus is R1 built on Open Source version 1.5.3-1 prior to R15-P2 or R16 built on Open Source version 1.15.2 prior to R16-P1. It is, therefore, affected by the following issues : - An unspecified error exists related to the...