69 matches found
SUSE-SU-2026:2683-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issues: - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604...
GO-2026-4440 Quadratic parsing complexity in golang.org/x/net/html
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
EUVD-2025-11453
Malicious code in bioql PyPI...
Denial Of Service (DoS)
golang.org/x/net is vulnerable to Denial Of Service DoS. The vulnerability is due to non-linear processing of input length, which causes excessive parsing delays and allows an attacker to craft input that results in a denial of service...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.42 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Denial Of Service (DoS)
golang.org/x/net is vulnerable to Denial Of Service DoS. The vulnerability is due to the client mishandling cases where a server responds with a non-informational status, which leaves the client connection in an invalid state. Attackers can exploit this by sending "Expect: 100-continue" requests ...
GHSA-QC6V-5G5M-8CW2 ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http
Summary Applications using the zitadel-go v3 library next branch might be impacted by package vulnerabilities. The output of govulncheck suggests that only example code seems to be impacted, based on 1 of the 3 potential vulnerabilities. This vulnerability is located in the transitive dependency...
ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http
Summary Applications using the zitadel-go v3 library next branch might be impacted by package vulnerabilities. The output of govulncheck suggests that only example code seems to be impacted, based on 1 of the 3 potential vulnerabilities. This vulnerability is located in the transitive dependency...
RHEL 9 : mcg (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding CVE-2022-41723 Note that Nessus has...
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1785)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1738)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service fro...
CVE-2024-4438
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...
Fedora 40 : dnsx (2023-2e09477fbc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2e09477fbc advisory. Automatic update for dnsx-1.1.6-1.fc40. Changelog Thu Nov 16 2023 Mikel Olasagasti Uranga - 1.1.6-1 - Update to 1.1.6 - Closes rhbz2249448 rhbz2248264 Tenabl...
Fedora 40 : exercism (2024-35c28f59d1)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-35c28f59d1 advisory. Update to latest version Security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security...
Denial Of Service (DOS)
golang.org/x/net is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of header frame limits, allowing an attacker to send excessive CONTINUATION frames which causes the endpoint to read arbitrary amounts of header data without proper memory allocation limits...
Fedora 39 : golang-github-tdewolff-argp / golang-github-tdewolff-minify / etc (2024-c3e32c5635)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-c3e32c5635 advisory. Update to latest version Security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
BIT-GOLANG-2023-39325 HTTP/2 rapid reset can cause excessive work in net/http
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
RHEL 8 / 9 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Oracle Linux 8 : conmon (ELSA-2023-13054)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13054 advisory. - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 - Resolve CVE-2023-44487 and CVE-2023-39325 - address CVE-2023-44487 and...
Oracle Linux 7 : conmon (ELSA-2023-13029)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13029 advisory. - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 cri-tools - Resolve CVE-2023-39325 flannel-cni-plugin - Resolve CVE-2023-44487 and CVE-2023-39325 he...