4433 matches found

Tenable Nessus
added 2023/07/04 12:0 a.m., 34 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2292)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

CVSS 7.5, AI score 6.9, EPSS 0.04561
Exploits: 0, References: 4

Tenable Nessus
added 2023/07/04 12:0 a.m., 19 views

Fedora 38 : golang-github-schollz-croc / golang-github-schollz-mnemonicode (2023-ac4651c9b2)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-ac4651c9b2 advisory. croc 9.6.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue b...

CVSS 5.3, AI score 7, EPSS 0.05623
Exploits: 0, References: 2

Tenable Nessus
added 2023/07/04 12:0 a.m., 22 views

EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-2269)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an...

CVSS 9.1, AI score 6.5, EPSS 0.05493
Exploits: 0, References: 3

IBM Security Bulletins
added 2023/06/28 8:59 p.m., 47 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Golang Go. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult...

CVSS 9.8, AI score 8.4, EPSS 0.04561
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2023/06/23 12:0 a.m., 32 views

F5 Networks BIG-IP : BIG-IP HTTP/2 profile vulnerability (K56676554)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K56676554 advisory. - On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in versio...

CVSS 7.5, AI score 7.4, EPSS 0.00626
Exploits: 0, References: 2

Tenable Nessus
added 2023/06/22 12:0 a.m., 34 views

SUSE SLES15: bind / bind-chrootenv / bind-devel / bind-devel-32bit / bind-doc / etc (SUSE-SU-2023:2578-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2578-1 advisory. bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source...

CVSS 9.8, AI score 6.8, EPSS 0.68603
Exploits: 9, References: 47

IBM Security Bulletins
added 2023/06/21 6:13 p.m., 72 views

Security Bulletin: IBM Storage Protect is vulnerable to multiple attacks due to http2-server and http2-common

Summary IBM Storage Protect Server uses the http2-server and http2-common components and may be vulnerable to these attacks. Vulnerability Details CVEID:CVE-2019-9511 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...

CVSS 7.8, AI score 6.9, EPSS 0.87806
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2023/06/20 4:4 p.m., 36 views

Security Bulletin: IBM Storage Protect server is vulnerable to a denial of service attack due to Golang Go (CVE-2022-41723)

Summary IBM Storage Protect Server component OSSM may be vulnerable in Golang Go, causing denial of service Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, ...

CVSS 7.5, AI score 7.5, EPSS 0.04561
Exploits: 0, Affected Software: 1

GitHub Security Blog
added 2023/06/09 7:32 p.m., 16 views

Denial of service via HTTP/2 HEADERS frames padding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...

CVSS 7.8, AI score 6.7, EPSS 0.01248
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/06/09 7:32 p.m., 44 views

GHSA-Q36X-R5X4-H4Q6 Denial of service via HTTP/2 HEADERS frames padding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...

CVSS 7.5, AI score 7.3, EPSS 0.01248
Exploits: 0, References: 4

OSV
added 2023/06/09 11:15 a.m., 1 views

UBUNTU-CVE-2023-1428

There exists a vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclb_client_stats: x (x == anything). On top of sending one of those headers, a later header must...

CVSS 7.5, AI score 6.4, EPSS 0.00412
Exploits: 0, References: 3

Tenable Nessus
added 2023/06/09 12:0 a.m., 45 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2023-2146)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

CVSS 7.5, AI score 7, EPSS 0.04561
Exploits: 0, References: 2

GitLab Advisory Database
added 2023/06/09 12:0 a.m., 12 views

Denial of service via HTTP/2 HEADERS frames padding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...

CVSS 7.8, AI score 6.7, EPSS 0.01248
Exploits: 0, References: 5, Affected Software: 1

OpenVAS
added 2023/06/09 12:0 a.m., 30 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2146)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.2, EPSS 0.04561
Exploits: 0, References: 2

Ubuntu
added 2023/06/06 8:20 a.m., 421 views

USN-6142-1: nghttp2 vulnerability

Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...

CVSS 7.5, AI score 7.1, EPSS 0.05316
Exploits: 0

Tenable Nessus
added 2023/06/06 12:0 a.m., 31 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : nghttp2 vulnerability (USN-6142-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6142-1 advisory. Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

CVSS 7.5, AI score 6.9, EPSS 0.05316
Exploits: 0, References: 2

Tenable Nessus
added 2023/05/24 12:0 a.m., 35 views

Oracle Linux 8 : git-lfs (ELSA-2023-2866)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2866 advisory. 3.2.0-2 - Rebuild with Golang-1.19.4 - Resolves: 2163744 3.2.0-1 - Update to version 3.2.0 - Resolves: 2139382 2.13.3-2 - Define %gobuild macro with...

CVSS 7.5, AI score 7.2, EPSS 0.05623
Exploits: 1, References: 4

Tenable Nessus
added 2023/05/24 12:0 a.m., 49 views

Oracle Linux 8 : Image / Builder (ELSA-2023-2780)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2780 advisory. cockpit-composer 45-1.0.1 - Make per page documentation links point to Oracle Linux Orabug: 32013095 45-1 - New upstream release 44-1 - New upstream...

CVSS 7.5, AI score 7.4, EPSS 0.05623
Exploits: 1, References: 6

IBM Security Bulletins
added 2023/05/23 4:24 p.m., 24 views

Security Bulletin: CVE-2022-41723 and CVE-2022-41721 may affect IBM CICS TX Advanced

Summary CVE CVE-2022-41723 and CVE-2022-41721 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Relevant Go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by...

CVSS 7.5, AI score 7.9, EPSS 0.04561
Exploits: 1, Affected Software: 1

GitLab Advisory Database
added 2023/05/22 12:0 a.m., 24 views

Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...

CVSS 7.5, AI score 6.7, EPSS 0.02082
Exploits: 0, References: 6, Affected Software: 1