Lucene search
K

70 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/27 12:0 a.m.52 views

GLSA-202311-09 : Go: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202311-09 Go: Multiple Vulnerabilities - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource...

9.8CVSS7.7AI score0.99999EPSS
Exploits20References33
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.27 views

Fedora 39 : htmltest (2023-946dfaf17f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-946dfaf17f advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.15 views

Fedora 39 : golang-github-schollz-croc (2023-4c1050f439)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4c1050f439 advisory. Automatic update for golang-github-schollz-croc-9.6.4-1.fc39. Changelog Fri May 19 2023 Mikel Olasagasti Uranga - 9.6.4-1 - Update to 9.6.4 - Closes...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
OSV
OSV
added 2023/11/01 10:39 p.m.139 views

GO-2023-2153 Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc

An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit, grpc.MaxConcurrentStreams. This results in a denial of...

7.5CVSS7.7AI score0.99999EPSS
Exploits19References2
OSV
OSV
added 2023/10/25 9:17 p.m.60 views

GHSA-M425-MQ94-257G gRPC-Go HTTP/2 Rapid Reset vulnerability

Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...

7.5CVSS7.8AI score0.99999EPSS
Exploits19References5
Rosalinux
Rosalinux
added 2023/10/22 6:11 a.m.39 views

Advisory ROSA-SA-2023-2270

software: thrift 0.10.0 WASP: ROSA-CHROME packageevrstring: thrift-0.10.0-18.src.rpm CVE-ID: CVE-2018-1320 BDU-ID: 2019-04255 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.thrift.transport.TSaslTransport class of the Apache Thrift interface description language is related to...

7.5CVSS6.7AI score0.08188EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.31 views

Fedora 38 : htmltest (2023-3baf3f43a0)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3baf3f43a0 advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.23 views

Fedora 37 : aerc (2023-aa7c75ed4a)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-aa7c75ed4a advisory. Update to 0.15.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.20 views

Fedora 38 : aerc (2023-6cfe7492c1)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6cfe7492c1 advisory. Update to 0.15.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.36 views

CentOS 8 : git-lfs (CESA-2023:2866)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:2866 advisory. - Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http...

7.5CVSS7.1AI score0.05623EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/05/14 12:0 a.m.48 views

AlmaLinux 9 : podman (ALSA-2023:2282)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2282 advisory. - Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to...

5.3CVSS7.3AI score0.05623EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/05/14 12:0 a.m.19 views

AlmaLinux 9 : conmon (ALSA-2023:2222)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2222 advisory. - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/14 12:0 a.m.31 views

AlmaLinux 9 : git-lfs (ALSA-2023:2357)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2357 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

7.5CVSS7AI score0.05623EPSS
Exploits4References11
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 5:18 p.m.39 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-41717)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go caused by a flaw when handling HTTP/2 requests in the Go server. CVE-2022-41717. Golang Go is included as an operator as part of the Base OS used by our service images. Please...

5.3CVSS6.6AI score0.05623EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.20 views

Fedora 38 : reposurgeon (2023-76d18cf2fa)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-76d18cf2fa advisory. 4.35: 2023-03-21 - Document an importand gotcha about working with CVS. Clean up some annoyances in the build and test machinery. 4.34: 2023-01-24 - Change...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/24 12:0 a.m.40 views

Fedora 37 : gmailctl (2023-ca444fdecf)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ca444fdecf advisory. Rebuild for CVE-20220-3064,41717,41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

7.5CVSS7.1AI score0.05623EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/03/20 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1524)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/03/15 7:58 p.m.54 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform (collectd-libpod-stats) security update

An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/07 12:0 a.m.26 views

Fedora 37 : golang-github-projectdiscovery-chaos-client (2023-8b700042ac)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8b700042ac advisory. Update to 0.4.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.50 views

Fedora 37 : golang-github-need-being-tree / golang-helm-3 / golang-oras / etc (2023-c9b2182a4e)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-c9b2182a4e advisory. Update helm to 3.11.1, resolving multiple security issues Tenable has extracted the preceding description block directly from the Fedora security...

9.3CVSS7.3AI score0.05623EPSS
Exploits1References5
Rows per page
Query Builder