
1056 matches found

Tenable Nessus
added 2022/11/23 12:0 a.m. | 38 views

SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2022:4146-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4146-1 advisory. The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcppfile.h...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00556
Exploits: 3 | References: 28

Tenable Nessus
added 2022/11/22 12:0 a.m. | 35 views

Oracle Linux 9 : mingw-gcc (ELSA-2022-8415)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8415 advisory. 12.0.1-11.2 - Bump release and rebuild resolves: rhbz2096010 12.0.1-11.1 - Rebase to Fedora Rawhide resolves: rhbz2080170 Tenable has extracted the preceding...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00232
Exploits: 1 | References: 2

GithubExploit
added 2022/11/20 6:1 p.m. | 948 views

Exploit for Uncontrolled Recursion in Owasp Modsecurity

Detection-and-Mitigation-script-for-CVE-2021-42717 Detection a...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.0204
Exploits: 2

OSV
added 2022/11/18 10:56 a.m. | 16 views

SUSE-SU-2022:4069-1 Security update for php7

This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont bsc1204979. - CVE-2022-37454: Fixed buffer overflow in hashupdate on long parameter bsc1204577. - Version update to 7.4.32...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.26088
Exploits: 19 | References: 23

Tenable Nessus
added 2022/11/18 12:0 a.m. | 25 views

AlmaLinux 9 : mingw-gcc (ALSA-2022:8415)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:8415 advisory. - GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial ...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00232
Exploits: 1 | References: 2

IBM Security Bulletins
added 2022/11/17 8:35 a.m. | 145 views

Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)

Summary: log4j-core-2.16.0.jar is vulnerable to remote code execution (RCE) attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1. Vulnerability Details: CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...

CVSS: 6.6 | AI score: 8.6 | EPSS: 0.74016
Exploits: 22 | Affected Software: 1

RedHat Linux
added 2022/11/15 10:33 a.m. | 30 views

Low: Red Hat Security Advisory: mingw-gcc security and bug fix update

An update for mingw-gcc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00232
Exploits: 1 | References: 5

RedHat Linux
added 2022/11/15 10:33 a.m. | 2 views

gcc: uncontrolled recursion in libiberty/rust-demangle.c

A flaw was discovered in the GNU libiberty library within the demanglepath function in rust-demangle.c, as distributed in the GNU Compiler Collection (GCC). This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00232
Exploits: 1 | References: 4

Tenable Nessus
added 2022/11/15 12:0 a.m. | 27 views

Oracle Linux 8 : container-tools:3.0 (ELSA-2022-7529)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7529 advisory. - fixes CVE-2021-3602 - amend CVE-2022-1708 - fix CVE-2022-1708 - thanks to Peter Hunt - fix CVE-2022-27650 - fixes CVE-2021-3602 - rc95 fixes...

CVSS: 8.5 | AI score: 7.3 | EPSS: 0.01473
Exploits: 4 | References: 11

Tenable Nessus
added 2022/11/12 12:0 a.m. | 51 views

AlmaLinux 8 : grafana (ALSA-2022:7519)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7519 advisory. - The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01869
Exploits: 5 | References: 16

Tenable Nessus
added 2022/11/12 12:0 a.m. | 38 views

AlmaLinux 8 : grafana-pcp (ALSA-2022:7648)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7648 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00155
Exploits: 2 | References: 7

OSV
added 2022/11/11 2:10 p.m. | 7 views

SUSE-SU-2022:3957-1 Security update for php72

This update for php72 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. bsc1203867 - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will be treated as secure in the...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.15416
Exploits: 2 | References: 5

Tenable Nessus
added 2022/11/07 12:0 a.m. | 33 views

Oracle Linux 8 : ol8addon (ELSA-2022-23681)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-23681 advisory. golang 1.17.13-1.0.1 - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust 1.17.12-1 - Update Go to...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00155
Exploits: 4 | References: 11

Tenable Nessus
added 2022/11/04 12:0 a.m. | 25 views

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-193)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-193 advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating chunked encoding. This issue could allow request smuggling, but only if combined with an...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.10629
Exploits: 9 | References: 49

Tenable Nessus
added 2022/11/03 12:0 a.m. | 34 views

RHEL 9 : lua (RHSA-2022:7329)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7329 advisory. The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently us...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.003
Exploits: 1 | References: 5

Snyk
added 2022/11/02 3:37 p.m. | 0 views

Uncontrolled Recursion

Overview: grpc/grpc-swift is a Swift language implementation of gRPC. Affected versions of this package are vulnerable to Uncontrolled Recursion when parsing certain payloads. This can lead to a Denial-of-Service. Remediation: Upgrade grpc/grpc-swift to version 1.2.0 or higher. References: - GitHub...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00846
Exploits: 0 | References: 2

OSV
added 2022/11/01 7:55 a.m. | 5 views

SUSE-SU-2022:3830-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. bsc1203867 - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will be treated as secure in the...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.15416
Exploits: 2 | References: 5

Tenable Nessus
added 2022/10/25 12:0 a.m. | 36 views

AlmaLinux 8 : git-lfs (ALSA-2022:7129)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7129 advisory. - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed ...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00155
Exploits: 5 | References: 10

Tenable Nessus
added 2022/10/21 12:0 a.m. | 32 views

Amazon Linux 2 : golang-github-kr-pty (ALAS-2022-1864)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1864 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.00963
Exploits: 7 | References: 32

Tenable Nessus
added 2022/10/21 12:0 a.m. | 47 views

Amazon Linux 2 : golang-github-gorilla-context (ALAS-2022-1859)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1859 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.00963
Exploits: 7 | References: 32