943 matches found
Exploit for Incorrect Calculation in Google Android
CVE-2020-0022 Many thanks to Insinuator for their amazing blo...
OESA-2023-1531 golang security update
The Go Programming Language. Security Fixes: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trust...
OESA-2023-1532 golang security update
The Go Programming Language. Security Fixes: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trust...
Medium: nerdctl
Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192...
Medium: golang
Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192...
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2023-307)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-307 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fi...
Amazon Linux 2023 : nerdctl (ALAS2023-2023-309)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-309 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fi...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-310)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-310 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fi...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2023-028)
The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-028 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chain...
Amazon Linux 2 : containerd (ALASDOCKER-2023-027)
The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2023-027 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can...
Amazon Linux 2 : nerdctl (ALAS-2023-2210)
The version of nerdctl installed on the remote host is prior to 1.1.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2210 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a...
Amazon Linux 2 : golang (ALAS-2023-2211)
The version of golang installed on the remote host is prior to 1.20.7-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2211 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a...
Amazon Linux 2 : runc (ALASDOCKER-2023-026)
The version of runc installed on the remote host is prior to 1.1.7-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2023-026 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a...
Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2023-2209)
The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300026.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2209 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate...
Important: cni-plugins
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Debian dla-3535 : libunrar-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3535 advisory. Debian LTS Advisory DLA-3535-1 https://www.debian.org/lts/security/...
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
...
SUSE CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...
DEBIAN-CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...
CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...