70 matches found
GLSA-202311-09 : Go: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202311-09 Go: Multiple Vulnerabilities - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource...
Fedora 39 : htmltest (2023-946dfaf17f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-946dfaf17f advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 39 : golang-github-schollz-croc (2023-4c1050f439)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4c1050f439 advisory. Automatic update for golang-github-schollz-croc-9.6.4-1.fc39. Changelog Fri May 19 2023 Mikel Olasagasti Uranga - 9.6.4-1 - Update to 9.6.4 - Closes...
GO-2023-2153 Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc
An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit, grpc.MaxConcurrentStreams. This results in a denial of...
GHSA-M425-MQ94-257G gRPC-Go HTTP/2 Rapid Reset vulnerability
Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...
Advisory ROSA-SA-2023-2270
software: thrift 0.10.0 WASP: ROSA-CHROME packageevrstring: thrift-0.10.0-18.src.rpm CVE-ID: CVE-2018-1320 BDU-ID: 2019-04255 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.thrift.transport.TSaslTransport class of the Apache Thrift interface description language is related to...
Fedora 38 : htmltest (2023-3baf3f43a0)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3baf3f43a0 advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 37 : aerc (2023-aa7c75ed4a)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-aa7c75ed4a advisory. Update to 0.15.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Fedora 38 : aerc (2023-6cfe7492c1)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6cfe7492c1 advisory. Update to 0.15.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
CentOS 8 : git-lfs (CESA-2023:2866)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:2866 advisory. - Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http...
AlmaLinux 9 : podman (ALSA-2023:2282)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2282 advisory. - Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to...
AlmaLinux 9 : conmon (ALSA-2023:2222)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2222 advisory. - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the...
AlmaLinux 9 : git-lfs (ALSA-2023:2357)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2357 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-41717)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go caused by a flaw when handling HTTP/2 requests in the Go server. CVE-2022-41717. Golang Go is included as an operator as part of the Base OS used by our service images. Please...
Fedora 38 : reposurgeon (2023-76d18cf2fa)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-76d18cf2fa advisory. 4.35: 2023-03-21 - Document an importand gotcha about working with CVS. Clean up some annoyances in the build and test machinery. 4.34: 2023-01-24 - Change...
Fedora 37 : gmailctl (2023-ca444fdecf)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ca444fdecf advisory. Rebuild for CVE-20220-3064,41717,41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1524)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Fedora 37 : golang-github-projectdiscovery-chaos-client (2023-8b700042ac)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8b700042ac advisory. Update to 0.4.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Fedora 37 : golang-github-need-being-tree / golang-helm-3 / golang-oras / etc (2023-c9b2182a4e)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-c9b2182a4e advisory. Update helm to 3.11.1, resolving multiple security issues Tenable has extracted the preceding description block directly from the Fedora security...