EulerOS 2.0 SP9 : shim (EulerOS-SA-2023-2909)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3029)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2896)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3006)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2023-2736)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certifica...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2877)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size...
EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2023-3109)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...
ALSA-2024:0121 Moderate: container-tools:4.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...
CVE-2024-21664 vulnerabilities
Vulnerabilities for packages: kubescape, mc, falco, tekton-chains, falcoctl, vexctl, spire-server, boring-registry, gitsign, minio...
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: spire-server-fips, falco, apko, melange, goreleaser, crossplane-provider-aws-rds, terragrunt, zot, crossplane-provider-aws-dynamodb, crossplane-provider-aws-firehose, crossplane-provider-aws-memorydb, scorecard, pulumi, vexctl, crossplane-provider-aws-eks,...
use of 0.8.20
Impact: Solidity 0.8.20 introduces the PUSH0 (0x5f) opcode, which is only supported on the ETH mainnet and not on any other chains. That's why other chains can't find the PUSH0 (0x5f) opcode and thro...
Important: ecs-init
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected...
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under th...
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple...
Oracle Linux 9 : podman (ELSA-2023-7765)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7765 advisory. - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 Tenable has extracted the preceding descriptio...
Oracle Linux 9 : containernetworking-plugins (ELSA-2023-7766)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7766 advisory. - rebuild for following CVEs: CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 Tenable has extracted the preceding descriptio...
Moderate: Red Hat Security Advisory: skopeo security update
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
golang: crypto/tls: slow verification of certificate chains containing large RSA keys
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying...
Moderate: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...