
5320 matches found

Amazon
added 2022/10/21 12:0 a.m., 47 views

Important: golang-github-gorilla-mux

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

CVSS 9.3, AI score 8.4, EPSS 0.05335
Exploits: 7

Amazon
added 2022/10/21 12:0 a.m., 64 views

Important: go-rpm-macros

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

CVSS 9.3, AI score 8.4, EPSS 0.05335
Exploits: 7

Amazon
added 2022/10/21 12:0 a.m., 42 views

Important: golang-googlecode-net

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

CVSS 9.3, AI score 8.4, EPSS 0.05335
Exploits: 7

Amazon
added 2022/10/21 12:0 a.m., 37 views

Important: golang-github-syndtr-gocapability

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

CVSS 9.3, AI score 8.4, EPSS 0.05335
Exploits: 7

RedHat Linux
added 2022/10/19 12:55 p.m., 65 views

Moderate: Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update

An update is now available for Red Hat Openshift distributed tracing 2.6.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 9.8, AI score 6.8, EPSS 0.05664
Exploits: 3, References: 6

RedhatCVE
added 2022/10/17 7:1 a.m., 32 views

CVE-2019-25076

A flaw was found in the Tuple Space Search (TSS) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0. This issue allows remote attackers to cause a denial of service via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache...

CVSS 5.8, AI score 5.4, EPSS 0.0177
Exploits: 1, References: 3

Qualys Blog
added 2022/10/11 9:45 p.m., 25 views

JSON Web Token (JWT) Weaknesses

JSON Web Tokens, or JWTs, are an encoded set of claims commonly seen in REST APIs and Single page web applications (SPAs). These encoded claims are used to provide identification of the requester and other information related to accessing. It is a stateless mechanism, and the token is sent with eve...

Exploits: 0

Qualys Blog
added 2022/10/10 2:32 p.m., 133 views

In-Depth Look Into Data-Driven Science Behind Qualys TruRisk

Vulnerability Management is a foundational component of any cybersecurity program for the implementation of appropriate security controls and the management of cyber risk. Earlier this year Qualys introduced the latest iteration of its vulnerability management product VMDR 2.0 with TruRisk which...

CVSS 9.3, AI score 9, EPSS 0.99987
Exploits: 79

Kitploit
added 2022/10/10 11:30 a.m., 26 views

HSTP - Simple Hyper Service Transfer Protocol On Networks

The protocol aims to develop an application layer abstraction for the Hyper Service Transfer Protocol. HSTP is a recursion as nature of HSTP. This protocol implements itself as an interface. On every internet connected device, there is a HSTP instance. That's why the adoption is not needed. HSTP...

AI score 6.9
Exploits: 0, References: 9

OpenVAS
added 2022/10/10 12:0 a.m., 14 views

Huawei EulerOS: Security Advisory for python-jwt (EulerOS-SA-2022-2434)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.7, EPSS 0.012
Exploits: 0, References: 2

OpenVAS
added 2022/10/10 12:0 a.m., 11 views

Huawei EulerOS: Security Advisory for python-jwt (EulerOS-SA-2022-2421)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.7, EPSS 0.012
Exploits: 0, References: 2

Tenable Nessus
added 2022/10/09 12:0 a.m., 63 views

EulerOS Virtualization 3.0.6.6 : binutils (EulerOS-SA-2022-2487)

According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visua...

CVSS 8.3, AI score 7.9, EPSS 0.12205
Exploits: 5, References: 3

Tenable Nessus
added 2022/10/08 12:0 a.m., 23 views

EulerOS 2.0 SP10 : python-jwt (EulerOS-SA-2022-2421)

According to the versions of the python-jwt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the...

CVSS 7.5, AI score 7.4, EPSS 0.012
Exploits: 0, References: 2

Tenable Nessus
added 2022/10/08 12:0 a.m., 35 views

EulerOS 2.0 SP10 : python-jwt (EulerOS-SA-2022-2434)

According to the versions of the python-jwt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the...

CVSS 7.5, AI score 7.4, EPSS 0.012
Exploits: 0, References: 2

Tenable Nessus
added 2022/10/07 12:0 a.m., 47 views

SUSE SLES15 Security Update : python-PyJWT (SUSE-SU-2022:3545-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3545-1 advisory. - CVE-2022-29217: Fixed key confusion through non-blocklisted public key formats bsc1199756. Tenable has extracted the preceding description...

CVSS 7.5, AI score 7.2, EPSS 0.012
Exploits: 0, References: 4

Github Security Blog
added 2022/10/06 7:54 p.m., 53 views

SIF's Digital Signature Hash Algorithms Not Validated

Impact: The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. Patches: A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...

CVSS 9.8, AI score 7.6, EPSS 0.00477
Exploits: 0, References: 9, Affected Software: 1

OSV
added 2022/10/06 7:54 p.m., 38 views

GHSA-M5M3-46GJ-WCH8 SIF's Digital Signature Hash Algorithms Not Validated

Impact: The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. Patches: A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...

CVSS 6.3, AI score 7.5, EPSS 0.09854
Exploits: 0, References: 9

UbuntuCve
added 2022/10/06 6:16 p.m., 39 views

CVE-2022-39237

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

CVSS 9.8, AI score 6.5, EPSS 0.00477
Exploits: 0, References: 5

Prion
added 2022/10/06 6:16 p.m., 26 views

Design/Logic Flaw

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

CVSS 7.5, AI score 9.4, EPSS 0.00477
Exploits: 0, References: 3, Affected Software: 1

RedHat Linux
added 2022/10/06 12:26 p.m., 2 views

node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

CVSS 7.5, AI score 7.3, EPSS 0.00717
Exploits: 0, References: 5