4433 matches found
Oracle Linux 9 : conmon (ELSA-2023-2222)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-2222 advisory. 2:2.1.7-1 - update to https://github.com/containers/conmon/releases/tag/v2.1.7 - Resolves: 2173697 2:2.1.6-1 - update to...
Oracle Linux 9 : buildah (ELSA-2023-2253)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2253 advisory. - fix CVE-2022-2990 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
Oracle Linux 9 : skopeo (ELSA-2023-2283)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2283 advisory. 2:1.11.2-0.1 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 https://github.com/containers/skopeo/commit/3f987...
Oracle Linux 9 : containernetworking-plugins (ELSA-2023-2367)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2367 advisory. 1:1.2.0-1 - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: 2124478 Tenable has extracted the preceding...
Oracle Linux 9 : Image / Builder (ELSA-2023-2204)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2204 advisory. cockpit-composer 45-1.0.1 - Make per page documentation links point to Oracle Linux Orabug: 32013095, Orabug:34398922 45-1 - New upstream release 44-1 ...
Oracle Linux 9 : podman (ELSA-2023-2282)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2282 advisory. - rebuild to fix CVE-2022-30629 - rebuilt with golang = 1.17.5 CVE-2021-44716, CVE-2021-44717 Tenable has extracted the preceding description block...
AlmaLinux 9 : skopeo (ALSA-2023:2283)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2283 advisory. - Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to...
AlmaLinux 9 : buildah (ALSA-2023:2253)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2253 advisory. - Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to...
AlmaLinux 9 : toolbox (ALSA-2023:2236)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2236 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...
AlmaLinux 9 : podman (ALSA-2023:2282)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2282 advisory. - Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to...
AlmaLinux 9 : conmon (ALSA-2023:2222)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2222 advisory. - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the...
AlmaLinux 9 : grafana (ALSA-2023:2167)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2167 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...
AlmaLinux 9 : containernetworking-plugins (ALSA-2023:2367)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2367 advisory. - Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1869)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1844)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:2183-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2183-1 advisory. golang-github-prometheus-alertmanager: - Security issues fixed: CVE-2022-46146: Fix authentication bypass via cache poisoning...
Moderate: Red Hat Security Advisory: conmon security and bug fix update
An update for conmon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...
golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...
Moderate: git-lfs security and bug fix update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang:...