4433 matches found

AlmaLinux
added 2023/05/09 12:00 a.m. | 61 views

Moderate: git-lfs security and bug fix update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705); golang:...

CVSS 7.5 | AI score 7.2 | EPSS 0.05623 | Exploits 4 | References 22
OSV
added 2023/05/09 12:00 a.m. | 29 views

ALSA-2023:2367 Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

CVSS 5.3 | AI score 8.5 | EPSS 0.05623 | Exploits 1 | References 6
Tenable Nessus
added 2023/05/08 12:00 a.m. | 40 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-1804)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

CVSS 7.5 | AI score 6.9 | EPSS 0.04561 | Exploits 0 | References 4
Tenable Nessus
added 2023/05/03 12:00 a.m. | 29 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-175)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-175 advisory. Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption (CVE-2022-23772). cmd/go in Go before 1.16.14 and 1.17.x...

CVSS 9.8 | AI score 7.8 | EPSS 0.05623 | Exploits 2 | References 32
IBM Security Bulletins
added 2023/04/28 11:48 a.m. | 41 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41717]

Summary: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go (CVE-2022-41717). Vulnerability Details: CVEID: CVE-2022-41717. DESCRIPTION: Golang Go is...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623 | Exploits 0 | Affected software 1
Tenable Nessus
added 2023/04/28 12:00 a.m. | 39 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS : Netty vulnerabilities (USN-6049-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6049-1 advisory. It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use...

CVSS 7.5 | AI score 6.6 | EPSS 0.18891 | Exploits 3 | References 10
Veracode
added 2023/04/26 11:54 a.m. | 69 views

Timing Attack

laravel/framework is vulnerable to timing attacks. The vulnerability exists in the hasValidCredentials function of SessionGuard.php: a login request for an existing user takes longer than one for a non-existent user, because the password hash is only verified when the user is found. The difference can be measured remotely with HTTP/2 multiplexing, which allows an attacker to enumerate users v...

CVSS 5.3 | AI score 5.5 | EPSS 0.00881 | Exploits 1 | References 5 | Affected software 1
OSV
added 2023/04/25 7:15 p.m. | 13 views

CVE-2022-40482

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...

CVSS 5.3 | AI score 5.7 | Exploits 0 | References 4
NVD
added 2023/04/25 7:15 p.m. | 19 views

CVE-2022-40482

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...

CVSS 5.3 | AI score 5.4 | EPSS 0.00881 | Exploits 1 | References 4
Prion
added 2023/04/25 7:15 p.m. | 18 views

Authentication flaw

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...

CVSS 5 | AI score 5.3 | EPSS 0.00881 | Exploits 1 | References 4 | Affected software 1
Tenable Nessus
added 2023/04/25 12:00 a.m. | 56 views

NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2023-1001)

The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily...

CVSS 9.8 | AI score 7.1 | EPSS 0.97108 | Exploits 11 | References 29
CVE
added 2023/04/25 12:00 a.m. | 93 views

CVE-2022-40482

The CVE-2022-40482 issue affects Laravel 8.x–9.x prior to 9.32.0. The vulnerability arises in the authentication path where hasValidCredentials in Illuminate\Auth\SessionGuard may return early when a user does not exist, enabling timeless timing attacks over HTTP/2 multiplexing and potential user...

CVSS 5.3 | AI score 5.3 | EPSS 0.00881 | Exploits 1 | References 4 | Affected software 1
Cvelist
added 2023/04/25 12:00 a.m. | 21 views

CVE-2022-40482

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...

AI score 5.7 | EPSS 0.00881 | Exploits 1 | References 4
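The early return that the CVE-2022-40482 entries above describe, shown as an added example that is not Laravel's own code: the vulnerable check returns as soon as the username is unknown and never touches the password hash, while the hardened check always performs the hash work, against a dummy credential when the user does not exist, so both paths cost the same. It is written in Go rather than PHP to match the language of most advisories on this page; the Guard type, its HashCalls counter and the iterated-SHA-256 stand-in for bcrypt are assumptions made for the example, not Laravel's SessionGuard.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"time"
)

// slowHash is a constructed stand-in for a real password KDF (bcrypt, Argon2):
// salted, iterated SHA-256. It only exists to keep the example dependency-free
// and to make a hash verification cost measurable time. Do not use it for real passwords.
const hashIterations = 100000

func slowHash(password, salt string) []byte {
	sum := sha256.Sum256([]byte(salt + "\x00" + password))
	for i := 1; i < hashIterations; i++ {
		sum = sha256.Sum256(sum[:])
	}
	return sum[:]
}

type credential struct {
	salt string
	hash []byte
}

// Guard is a minimal model of a session guard's credential check (an assumed
// structure for this example, not Laravel's SessionGuard).
type Guard struct {
	users     map[string]credential
	dummy     credential // hash of a random secret nobody knows; used for unknown users
	HashCalls int        // instrumentation: how many times slowHash ran inside a check
}

func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func NewGuard(passwords map[string]string) *Guard {
	g := &Guard{users: map[string]credential{}}
	for name, pw := range passwords {
		salt := randomHex(8)
		g.users[name] = credential{salt: salt, hash: slowHash(pw, salt)}
	}
	// The dummy credential is derived from a random secret, so no supplied
	// password can ever match it; it is only there to burn the same time as a
	// real verification.
	dummySalt := randomHex(8)
	g.dummy = credential{salt: dummySalt, hash: slowHash(randomHex(16), dummySalt)}
	return g
}

// VulnerableHasValidCredentials reproduces the early-return pattern: for an
// unknown user it returns before any hash work, so that request finishes
// measurably faster than one for an existing user with a wrong password.
func (g *Guard) VulnerableHasValidCredentials(username, password string) bool {
	c, ok := g.users[username]
	if !ok {
		return false // early return: no hash computed
	}
	g.HashCalls++
	return subtle.ConstantTimeCompare(slowHash(password, c.salt), c.hash) == 1
}

// HardenedHasValidCredentials always does the hash work, against the dummy
// credential when the user is unknown, so both paths take the same time.
func (g *Guard) HardenedHasValidCredentials(username, password string) bool {
	c, ok := g.users[username]
	if !ok {
		c = g.dummy
	}
	g.HashCalls++
	match := subtle.ConstantTimeCompare(slowHash(password, c.salt), c.hash) == 1
	return ok && match
}

// timeCheck measures one call of a credential check, for the demo in main.
func timeCheck(check func(string, string) bool, user, pw string) time.Duration {
	start := time.Now()
	check(user, pw)
	return time.Since(start)
}

func main() {
	g := NewGuard(map[string]string{"alice": "correct horse battery staple"})
	checks := []struct {
		name  string
		check func(string, string) bool
	}{
		{"vulnerable", g.VulnerableHasValidCredentials},
		{"hardened", g.HardenedHasValidCredentials},
	}
	for _, tc := range checks {
		existing := timeCheck(tc.check, "alice", "wrong password")
		missing := timeCheck(tc.check, "nobody", "wrong password")
		fmt.Printf("%-10s existing user: %v, unknown user: %v\n", tc.name, existing, missing)
	}
}
```

Running main prints the two timings side by side: the vulnerable check answers for an unknown user in microseconds while the hardened one takes roughly the same time on both paths. The HashCalls counter lets the difference be checked without relying on wall-clock measurements; the advisory's "timeless" attack avoids clock noise the same way, by racing two requests on one HTTP/2 connection and observing which response arrives first.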
Tenable Nessus
added 2023/04/21 12:00 a.m. | 40 views

Amazon Linux AMI : golang (ALAS-2023-1731)

The version of golang installed on the remote host is prior to 1.18.6-1.43. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1731 advisory. Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working...

CVSS 9.8 | AI score 7.7 | EPSS 0.05623 | Exploits 2 | References 28
Tenable Nessus
added 2023/04/20 12:00 a.m. | 34 views

Fedora 37 : gh / golang-github-cenkalti-backoff / golang-github-cli-crypto / etc (2023-cb20f08a4e)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-cb20f08a4e advisory. Update gh to 2.27.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for thi...

CVSS 7.5 | AI score 7 | EPSS 0.04561 | Exploits 0 | References 2
Tenable Nessus
added 2023/04/20 12:00 a.m. | 37 views

Amazon Linux 2 : golang, --advisory ALAS2-2023-2015 (ALAS-2023-2015)

The version of golang installed on the remote host is prior to 1.18.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2015 advisory. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable...

CVSS 7.8 | AI score 7.5 | EPSS 0.04561 | Exploits 2 | References 12
Rosalinux
added 2023/04/18 12:09 p.m. | 70 views

Advisory ROSA-SA-2023-2155

Software: mod_http2 1.15.7. OS: ROSA Virtualization 2.1. package_evr_string: 1.15.7. CVE-ID: CVE-2020-11993. BDU-ID: 2021-00779. CVE-Crit: MEDIUM. CVE-DESC: A vulnerability in the Apache HTTP Server's implementation of the HTTP/2 web server mechanism is related to inconsistent interpretation of http...

CVSS 9.8 | AI score 8.9 | EPSS 0.8377 | Exploits 8
IBM Security Bulletins
added 2023/04/17 6:00 p.m. | 55 views

Security Bulletin: Golang Go vulnerability

Summary: Golang Go is vulnerable to a denial of service. Vulnerability Details: CVEID: CVE-2022-41717. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in the Go server. By sending specially crafted header keys, a remote attacker could exploit this...

CVSS 5.3 | AI score 6.6 | EPSS 0.05623 | Exploits 0 | Affected software 1
Tenable Nessus
added 2023/04/15 12:00 a.m. | 39 views

Fedora 38 : skopeo (2023-ccaf5538dd)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ccaf5538dd advisory. Security fix for CVE-2022-41723. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 7.5 | AI score 7.1 | EPSS 0.04561 | Exploits 0 | References 2
Tenable Nessus
added 2023/04/12 12:00 a.m. | 27 views

Fedora 37 : skopeo (2023-28c182b657)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-28c182b657 advisory. Security fix for CVE-2022-41723. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 7.5 | AI score 7.1 | EPSS 0.04561 | Exploits 0 | References 2