44 matches found
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1785)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
RHEL 9 : mcg (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding CVE-2022-41723 Note that Nessus has...
EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1738)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service fro...
CVE-2024-4438
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...
Fedora 40 : exercism (2024-35c28f59d1)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-35c28f59d1 advisory. Update to latest version Security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security...
Fedora 40 : dnsx (2023-2e09477fbc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2e09477fbc advisory. Automatic update for dnsx-1.1.6-1.fc40. Changelog Thu Nov 16 2023 Mikel Olasagasti Uranga - 1.1.6-1 - Update to 1.1.6 - Closes rhbz2249448 rhbz2248264 Tenabl...
Fedora 39 : golang-github-tdewolff-argp / golang-github-tdewolff-minify / etc (2024-c3e32c5635)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-c3e32c5635 advisory. Update to latest version Security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
BIT-GOLANG-2023-39325 HTTP/2 rapid reset can cause excessive work in net/http
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
RHEL 8 / 9 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Oracle Linux 8 : conmon (ELSA-2023-13054)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13054 advisory. - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 - Resolve CVE-2023-44487 and CVE-2023-39325 - address CVE-2023-44487 and...
Oracle Linux 7 : conmon (ELSA-2023-13029)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13029 advisory. - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 cri-tools - Resolve CVE-2023-39325 flannel-cni-plugin - Resolve CVE-2023-44487 and CVE-2023-39325 he...
Fedora 38 : gmailctl (2023-6f4c5b6331)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6f4c5b6331 advisory. upgrade to v0.10.7, close rhbz2249798 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Fedora 39 : prometheus-podman-exporter (2023-b75ee820ce)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b75ee820ce advisory. release v1.5.0 + security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 38 : podman-tui (2023-e359fd31d2)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e359fd31d2 advisory. podman-tui v0.12.0 + security fix for CVE-2023-39325 and CVE-2022-41717 and CVE-2022-41723 Tenable has extracted the preceding description block...
Fedora 37 : prometheus-podman-exporter (2023-b60ff8c9ec)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b60ff8c9ec advisory. release v1.5.0 + security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 37 : syncthing (2023-fa2d7b25d9)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-fa2d7b25d9 advisory. Update to version 1.26.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.26.0 Tenable has extracted the preceding description block...
Amazon Linux 2 : ecs-init (ALASECS-2023-020)
The version of ecs-init installed on the remote host is prior to 1.79.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-020 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...
Amazon Linux 2023 : ecs-init (ALAS2023-2023-435)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-435 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Amazon Linux 2023 : ecs-init (ALAS2023-2023-434)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-434 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...
Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update
An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...