Lucene search
K

85 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 5:18 p.m.39 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-41717)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go caused by a flaw when handling HTTP/2 requests in the Go server. CVE-2022-41717. Golang Go is included as an operator as part of the Base OS used by our service images. Please...

5.3CVSS6.6AI score0.05623EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.20 views

Fedora 38 : reposurgeon (2023-76d18cf2fa)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-76d18cf2fa advisory. 4.35: 2023-03-21 - Document an importand gotcha about working with CVS. Clean up some annoyances in the build and test machinery. 4.34: 2023-01-24 - Change...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/03/29 10:29 a.m.39 views

Moderate: Red Hat Security Advisory: Logging Subsystem for Red Hat OpenShift - 5.5.9 security update

An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

5.3CVSS6.8AI score0.05623EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/18 12:0 a.m.34 views

Fedora 37 : containernetworking-plugins (2023-c0149844e2)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c0149844e2 advisory. Resolves: 2161274, 2163068 - Rebuild for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/16 3:24 p.m.45 views

Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced

Summary Multiple CVEs - CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced . IBM CICS TX Advanced has addressed the applicable CVEs. Relevant go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-2879 DESCRIPTION:...

7.5CVSS7.2AI score0.05623EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/03/15 7:58 p.m.54 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform (collectd-libpod-stats) security update

An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/03/09 1:46 p.m.78 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.27.1

Release of OpenShift Serverless 1.27.1 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System CVSS base score. Red Hat OpenShift Serverless Client kn 1.27.1 provides a CLI to interact with Re...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/03/06 4:23 p.m.64 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container) security update

An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...

7.5CVSS6.7AI score0.05623EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 3:33 p.m.36 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-41717 in Go

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-41717 in Go with details below. Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in th...

5.3CVSS6.7AI score0.05623EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.47 views

Fedora 38 : golang-github-need-being-tree / golang-helm-3 / golang-oras / etc (2023-4e2068ba5d)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-4e2068ba5d advisory. Update helm to 3.11.1, resolving multiple security issues Tenable has extracted the preceding description block directly from the Fedora security...

9.3CVSS7.3AI score0.05623EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/02/03 12:0 a.m.24 views

Fedora 37 : syncthing (2023-70eb8ba61e)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-70eb8ba61e advisory. Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.34 views

Fedora 37 : git-credential-oauth (2023-267503a090)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-267503a090 advisory. new upstream version Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/12/08 8:15 p.m.47 views

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.8AI score0.05623EPSS
Exploits0References11
OSV
OSV
added 2022/12/08 7:3 p.m.45 views

CVE-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.8AI score0.05623EPSS
Exploits0References27
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/11 1:3 p.m.81 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 04 and earlier versions.

Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...

7.5CVSS7.3AI score0.99298EPSS
Exploits17Affected Software1
RedhatCVE
RedhatCVE
added 2022/08/09 3:36 p.m.76 views

CVE-2022-2048

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

7.5CVSS3.6AI score0.0227EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/07/15 12:0 a.m.94 views

Amazon Linux 2 : golang (ALAS-2022-1811)

The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1811 advisory. An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with...

9.8CVSS7.2AI score0.10299EPSS
Exploits3References34
Tenable Nessus
Tenable Nessus
added 2022/04/29 12:0 a.m.51 views

Amazon Linux AMI : golang (ALAS-2022-1583)

The version of golang installed on the remote host is prior to 1.16.15-1.37. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1583 advisory. 2024-01-03: CVE-2021-27919 was added to this advisory. An out of bounds read vulnerability was found in golang. When...

9.8CVSS7AI score0.10299EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2022/04/27 12:0 a.m.212 views

Amazon Linux 2 : golang (ALAS-2022-1776)

The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1776 advisory. A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing...

9.8CVSS6.9AI score0.10299EPSS
Exploits0References11
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 8:46 p.m.48 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-44716, CVE-2021-44717)

Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2021-44716 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a...

7.5CVSS0.6AI score0.03958EPSS
Exploits0Affected Software1
Rows per page
Query Builder