22 matches found
MiracleLinux 9 : nodejs:18 (AXSA:2024-7655:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7655:01 advisory. nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...
MiracleLinux 7 : rh-nodejs14-nodejs-14.21.3-6.el7 (AXSA:2024-7617:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7617:02 advisory. rh-nodejs14-nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 An Asianux Security Bulletin which...
CLSA-2025-1756751473 squid: Fix of CVE-2023-46846
CVE-2023-46846: fix Request/Response chunk smuggling in HTTP/1.1 and ICAP...
K000152677: Golang net/http vulnerabilities CVE-2023-39326 and CVE-2024-24791
Security Advisory Description CVE-2023-39326 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to...
Apache Traffic Server Input Validation Error Vulnerability (CNVD-2024-35170)
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation of the United States. Apache Traffic Server suffers from an input validation error vulnerability that stems from forwarding the tail end of an incorrectly formatted HTTP chunk to the origin server. ...
Apache Traffic Server Input Validation Error Vulnerability
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation of the United States. Apache Traffic Server suffers from an input validation error vulnerability that stems from forwarding the tail end of an incorrectly formatted HTTP chunk to the origin server. ...
Medium: cni-plugins
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
RHEL 9 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 - Angle brackets are not...
CLSA-2024-1712261257 squid: Fix of CVE-2024-25111
CVE-2024-25111: Fix infinite recursion when parsing HTTP chunks...
Oracle Linux 8 : olcne (ELSA-2024-12264)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12264 advisory. - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 Tenable has extracted the preceding description block directly from the...
OPENSUSE-SU-2024:0093-1 Security update for minidlna
This update for minidlna fixes the following issues: Update to 1.3.3 boo1222007: - Fixed HTTP chunk length parsing. CVE-2023-33476 - Improved Dutch and Swedish translations. - Fixed directory symlink deletion handling...
Amazon Linux AMI : amazon-ssm-agent (ALAS-2024-1920)
The version of amazon-ssm-agent installed on the remote host is prior to 3.2.2222.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1920 advisory. 2024-04-25: CVE-2023-49568 was added to this advisory. 2024-02-28: CVE-2023-39325 was added to this advisory...
AlmaLinux 8 : container-tools:4.0 (ALSA-2024:0748)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0748 advisory. runc: file descriptor leak Leaky Vessels CVE-2024-21626 An AlmaLinux Security Bulletin which addresses further details about the Leaky Vessels flaw is...
Amazon Linux 2 : containerd (ALASDOCKER-2024-037)
The version of containerd installed on the remote host is prior to 1.7.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-037 advisory. 2024-02-15: CVE-2023-39326 was added to this advisory. 2024-02-15: CVE-2023-47108 was added to this advisory. The...
Medium: containerd
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Design/Logic Flaw
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...
[SECURITY] [DSA 5434-1] minidlna security update
Debian Security Advisory DSA-5434-1, https://www.debian.org/security/, Salvatore Bonaccorso, June 21, 2023, https://www.debian.org/security/faq ...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2226-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2204-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available...
OPENSUSE-SU-2020:2194-1 Security update for minidlna
This update for minidlna fixes the following issues: minidlna was updated to version 1.3.0 boo1179447 - Fixed some build warnings when building with musl. - Use $USER instead of $LOGNAME for the default friendly name. - Fixed build with GCC 10 - Fixed some warnings from newer compilers - Disallow...