10 matches found
CVE-2026-55882 Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memor...
pocketbase-0.37.3-1.1 on GA media (moderate)
pocketbase-0.37.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10628-1 Rating: moderate Cross-References: CVE-2026-33809 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
Linux Distros Unpatched Vulnerability : CVE-2023-46239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO th...
openSUSE: Security Advisory for trivy (openSUSE-SU-2023:0064-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-46239
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...
UBUNTU-CVE-2023-46239
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...
CVE-2023-46239 quic-go vulnerable to pointer dereference that can lead to panic
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...
CVE-2023-46239
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...
PT-2023-29922 · Quic-Go · Quic-Go
Name of the Vulnerable Software and Affected Versions: quic-go versions 0.37.0 through 0.37.2 Description: The issue arises from serializing an ACK frame after the CRYPTO frame, allowing a node to complete the handshake. This can trigger a nil pointer dereference when the node attempts to drop th...
OPENSUSE-SU-2023:0064-1 Security update for trivy
This update for trivy fixes the following issues: Update to version 0.37.3 boo1208091, CVE-2023-25165: chorehelm: update Trivy from v0.36.1 to v0.37.2 3574 ci: quote pros in c++ for semantic pr 3605 fiximage: check proxy settings from env for remote images 3604 Update to version 0.37.2: BREAKING:...