46 matches found
SUSE SLES15: bind / bind-chrootenv / bind-devel / bind-devel-32bit / bind-doc / etc (SUSE-SU-2023:2578-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2578-1 advisory. bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source...
CentOS 8 : grafana-pcp (CESA-2023:2785)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:2785 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if...
Amazon Linux 2 : golang-github-godbus-dbus (ALAS-2022-1858)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1858 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...
Medium: golang
Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: golang Note: This advisory is applicable to Amazon...
CVE-2022-27664
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
Code injection
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
Integer overflow
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...
CVE-2022-24667
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...
Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.0.0-m10security-10 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat...
F5 BIG-IP HTTP Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to trigger a denial of service via an HTTP...
Apache Tomcat 9.0.0.M1 < 9.0.40 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.40security-9 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...
Apache Tomcat 10.0.0-M1 < 10.0.0-M10 Information Disclosure
The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 or 7.0.0 to 7.0.106. It is, therefore, affected by a vulnerability. Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2...
CVE-2020-17527
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...
Fixed in Apache Tomcat 9.0.40
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
Fixed in Apache Tomcat 8.5.60
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
Fixed in Apache Tomcat 10.0.0-M10
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
PT-2020-15032
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 10.0.0-M1 through 10.0.0-M9 Apache Tomcat versions 9.0.0-M1 through 9.0.39 Apache Tomcat versions 8.5.0 through 8.5.59 Description The issue allows Apache Tomcat to re-use an HTTP request header value from the previous...
CVE-2020-11767
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection negotiated with SNI over HTTPS to .example.com, a request for a domain concurrently configured explicitly e.g., abc.example.com is sent to the servers listening behind .example.com. The outcome shoul...
CVE-2020-11767
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection negotiated with SNI over HTTPS to .example.com, a request for a domain concurrently configured explicitly e.g., abc.example.com is sent to the servers listening behind .example.com. The outcome shoul...
CVE-2020-11767
Istio up to 1.5.1 and Envoy up to 1.14.1 are affected by a data-leak vulnerability where a TCP connection negotiated with SNI over HTTPS to *.example.com can cause a domain-specific request (e.g., abc.example.com) to be sent via a connection reused by a forward proxy to the *.example.com host. Th...