4433 matches found
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2292)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
Fedora 38 : golang-github-schollz-croc / golang-github-schollz-mnemonicode (2023-ac4651c9b2)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-ac4651c9b2 advisory. croc 9.6.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue b...
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-2269)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Golang Go. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult...
F5 Networks BIG-IP : BIG-IP HTTP/2 profile vulnerability (K56676554)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K56676554 advisory. - On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in versio...
SUSE SLES15: bind / bind-chrootenv / bind-devel / bind-devel-32bit / bind-doc / etc (SUSE-SU-2023:2578-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2578-1 advisory. bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source...
Security Bulletin: IBM Storage Protect is vulnerable to multiple attacks due to http2-server and http2-common
Summary IBM Storage Protect Server uses the http2-server and http2-common components and may be vulnerable to these attacks. Vulnerability Details CVEID:CVE-2019-9511 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...
Security Bulletin: IBM Storage Protect server is vulnerable to a denial of service attack due to Golang Go (CVE-2022-41723)
Summary IBM Storage Protect Server component OSSM may be vulnerable in Golang Go, causing denial of service Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, ...
Denial of service via HTTP/2 HEADERS frames padding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...
GHSA-Q36X-R5X4-H4Q6 Denial of service via HTTP/2 HEADERS frames padding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...
UBUNTU-CVE-2023-1428
There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2023-2146)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
Denial of service via HTTP/2 HEADERS frames padding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2146)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6142-1: nghttp2 vulnerability
Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : nghttp2 vulnerability (USN-6142-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6142-1 advisory. Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
Oracle Linux 8 : git-lfs (ELSA-2023-2866)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2866 advisory. 3.2.0-2 - Rebuild with Golang-1.19.4 - Resolves: 2163744 3.2.0-1 - Update to version 3.2.0 - Resolves: 2139382 2.13.3-2 - Define %gobuild macro with...
Oracle Linux 8 : Image / Builder (ELSA-2023-2780)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2780 advisory. cockpit-composer 45-1.0.1 - Make per page documentation links point to Oracle Linux Orabug: 32013095 45-1 - New upstream release 44-1 - New upstream...
Security Bulletin: CVE-2022-41723 and CVE-2022-41721 may affect IBM CICS TX Advanced
Summary CVE CVE-2022-41723 and CVE-2022-41721 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Relevant Go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by...
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...