85 matches found
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-41717)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go caused by a flaw when handling HTTP/2 requests in the Go server. CVE-2022-41717. Golang Go is included as an operator as part of the Base OS used by our service images. Please...
Fedora 38 : reposurgeon (2023-76d18cf2fa)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-76d18cf2fa advisory. 4.35: 2023-03-21 - Document an importand gotcha about working with CVS. Clean up some annoyances in the build and test machinery. 4.34: 2023-01-24 - Change...
Moderate: Red Hat Security Advisory: Logging Subsystem for Red Hat OpenShift - 5.5.9 security update
An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
Fedora 37 : containernetworking-plugins (2023-c0149844e2)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c0149844e2 advisory. Resolves: 2161274, 2163068 - Rebuild for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security...
Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced
Summary Multiple CVEs - CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced . IBM CICS TX Advanced has addressed the applicable CVEs. Relevant go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-2879 DESCRIPTION:...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.27.1
Release of OpenShift Serverless 1.27.1 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System CVSS base score. Red Hat OpenShift Serverless Client kn 1.27.1 provides a CLI to interact with Re...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container) security update
An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-41717 in Go
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-41717 in Go with details below. Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in th...
Fedora 38 : golang-github-need-being-tree / golang-helm-3 / golang-oras / etc (2023-4e2068ba5d)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-4e2068ba5d advisory. Update helm to 3.11.1, resolving multiple security issues Tenable has extracted the preceding description block directly from the Fedora security...
Fedora 37 : syncthing (2023-70eb8ba61e)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-70eb8ba61e advisory. Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of...
Fedora 37 : git-credential-oauth (2023-267503a090)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-267503a090 advisory. new upstream version Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
CVE-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 04 and earlier versions.
Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...
CVE-2022-2048
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...
Amazon Linux 2 : golang (ALAS-2022-1811)
The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1811 advisory. An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with...
Amazon Linux AMI : golang (ALAS-2022-1583)
The version of golang installed on the remote host is prior to 1.16.15-1.37. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1583 advisory. 2024-01-03: CVE-2021-27919 was added to this advisory. An out of bounds read vulnerability was found in golang. When...
Amazon Linux 2 : golang (ALAS-2022-1776)
The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1776 advisory. A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-44716, CVE-2021-44717)
Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2021-44716 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a...