24 matches found
MiracleLinux 9 : pcs-0.11.4-7.el9.ML.1 (AXSA:2023-6066:10)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6066:10 advisory. pcs: webpack: Regression of CVE-2023-28154 fixes in the MIRACLE LINUX CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing...
CVE-2025-20360
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are...
CentOS 9 : toolbox-0.0.99.4-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.4-3.el9 build changelog. - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause...
Oracle Linux 9 : buildah (ELSA-2023-6473)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6473 advisory. - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
RHEL 8 : container-tools:4.0 (RHSA-2023:6938)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6938 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: go-yaml:...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
RHEL 9 : containernetworking-plugins (RHSA-2023:6402)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6402 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network interfac...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...
CentOS 8 : go-toolset:rhel8 (CESA-2023:3319)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:3319 advisory. - The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar...
SUSE SLES15 Security Update : go1.20 (SUSE-SU-2023:2105-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2105-2 advisory. Update to 1.20.4 bnc1206346: - CVE-2023-24539: Fixed an improper sanitization of CSS values boo1211029. - CVE-2023-24540: Fixed an improper...
Golang < 1.19.8 / 1.20.x < 1.20.3 Multiple Vulnerabilities
The version of Golang Go installed on the remote host is affected by multiple vulnerabilities, as follows: - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can...
MGASA-2023-0145 Updated golang packages fix security vulnerability
DOS due to incorrect HTTP and MIME header parsing CVE-2023-24534 DOS due to incorrect Multipart form parsing CVE-2023-24536 Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...