golang: crypto/tls: slow verification of certificate chains containing large RSA keys
A denial of service vulnerability was found in the Go crypto/tls package, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client or server to expend significant CPU time verifying...
RHEL 9 : runc (RHSA-2023:7763)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7763 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides a container runtime. Security Fixes:...
RHEL 9 : buildah (RHSA-2023:7764)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7764 advisory. The buildah package provides a tool for building OCI container images. Among other things, buildah enables you to: Create a...
openssl: Denial of service by excessive resource usage in verifying X509 policy constraints
A security vulnerability has been identified in all supported OpenSSL versions, related to verifying X.509 certificate chains that include policy constraints. An attacker can exploit this flaw by creating a malicious certificate chain that triggers exponential use of...
CVE-2023-49290 vulnerabilities
Vulnerabilities for packages: falco, cosign-fips, gitsign, falcoctl, kubescape, vexctl, falcoctl-fips, tekton-chains...
CVE-2023-49290 vulnerabilities
Vulnerabilities for packages: kubescape, falco, tekton-chains, falcoctl, vexctl, gitsign...
xnio: StackOverflowException when the chain of notifier states becomes problematically big
A flaw was found in XNIO. The XNIO NotifierState can cause a StackOverflowException when the chain of notifier states becomes problematically large, which can lead to uncontrolled resource consumption and a possible denial of service (DoS)...
Security Bulletin: IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities
Summary: IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by the accumulation of temporary files on Windows when a web application opened a stream for an uploaded file...
GHSA-VFP6-JRW2-99G9 vulnerabilities
Vulnerabilities for packages: spire-server-fips, falco, apko, melange, spire-server, tkn, aactl, flux-source-controller, ko, cosign, skaffold, slsa-verifier, kubescape, policy-controller, falcoctl-fips, tekton-chains...
GHSA-VFP6-JRW2-99G9 vulnerabilities
Vulnerabilities for packages: aactl, kubescape, cosign, skaffold, falco, tekton-chains, apko, melange, tkn, policy-controller, spire-server, slsa-verifier, ko, flux-source-controller...
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Operator security update
An update is now available for OpenShift-Pipelines-1.11-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2023-46737 vulnerabilities
Vulnerabilities for packages: spire-server-fips, falco, apko, melange, spire-server, tkn, aactl, flux-source-controller, ko, cosign, skaffold, slsa-verifier, kubescape, policy-controller, falcoctl-fips, tekton-chains...
CVE-2023-46737 vulnerabilities
Vulnerabilities for packages: aactl, kubescape, cosign, skaffold, falco, tekton-chains, apko, melange, tkn, policy-controller, spire-server, slsa-verifier, ko, flux-source-controller...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3029)
The remote host is missing an update for the Huawei EulerOS golang package as referenced in the EulerOS-SA-2023-3029 advisory...
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: cert-manager, falco, spire-server-fips, k3d, k3s, scorecard, rancher-agent, kpt, aactl, ctop, skaffold, slsa-verifier, kubescape, falcoctl-fips, paranoia, bom, tekton-chains, chartmuseum, up...
go-toolset and golang security and bug fix update
An update is available for go-toolset. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming language tools and libraries. Go is...
Important: Red Hat Security Advisory: Cryostat security update
An update is now available for Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
Amazon Linux 2 : containerd (ALASECS-2023-008)
The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-008 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause...
WordPress 5.2.x < 5.2.19 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - A remote code execution (RCE) vulnerability via POP chains. - A cross-site scripting (XSS) vulnerability in the post link navigation block. - An issue...