30 matches found
RHCOS 4 : OpenShift Container Platform 4.11.5 (RHSA-2022:6535)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:6535 advisory. - golang: crypto/tls: session tickets lack random ticketageadd CVE-2022-30629 Note that Nessus has not tested for this issue but has instead...
Security Bulletin: Security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak. Nginx is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
MiracleLinux 9 : skopeo-1.11.2-0.1.el9 (AXSA:2023-5634:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5634:02 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session tickets lack random...
MiracleLinux 9 : buildah-1.29.1-1.el9 (AXSA:2023-5642:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5642:02 advisory. golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session...
Amazon Linux 2 : nginx (ALASNGINX1-2025-008)
The version of nginx installed on the remote host is prior to 1.26.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-008 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to...
Debian dla-4091 : libnginx-mod-http-auth-pam - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4091 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4091-1 [email protected]...
CVE-2025-23419
A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...
BIT-NGINX-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
UBUNTU-CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2025-23419
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
PT-2025-5738
Name of the Vulnerable Software and Affected Versions nginx versions 1.11.4 through 1.27.31 nginx version 1.26.3 nginx version 1.27.4 Description When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate...
CVE-2022-30629 Session tickets lack random ticket_age_add in crypto/tls
Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
MGASA-2022-0231 Updated golang packages fix security vulnerability
crypto/tls: session tickets lack random ticketageadd. Session tickets generated by crypto/tls did not contain a randomly generated ticketageadd. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
SUSE-SU-2022:2004-1 Security update for go1.17
This update for go1.17 fixes the following issues: Update to go1.17.11 released 2022-06-01 bsc1190649: - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers bsc1200134. - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticketageadd bsc1200135. -...
Google Golang 安全特征问题漏洞
Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...
UBUNTU-CVE-2021-43848
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
h2o 安全漏洞
h2o is a new generation of HTTP server. Not only is it very fast compared to older generation HTTP servers, but it also provides faster responses to end users. A security vulnerability exists in h2o, which stems from the fact that when QUIC frames are received in a particular order, h2o's HTTP/3...
ALPINE-CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...
CVE-2016-6302
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets...