4433 matches found
Moderate: git-lfs security and bug fix update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang:...
ALSA-2023:2367 Moderate: containernetworking-plugins security and bug fix update
The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-1804)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-175)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-175 advisory. Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 cmd/go in Go before 1.16.14 and 1.17.x...
Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41717]
Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-41717 Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS : Netty vulnerabilities (USN-6049-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6049-1 advisory. It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use...
Timing Attack
laravel/framework is vulnerable to Timing Attacks. The vulnerability exists in the hasValidCredentials function of SessionGuard.php due to the fact that a successful login request takes more time then a unsuccessful request due to HTTP/2 multiplexing, which allows an attacker to enumerate users v...
CVE-2022-40482
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
CVE-2022-40482
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
Authentication flaw
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2023-1001)
The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily...
CVE-2022-40482
The CVE-2022-40482 issue affects Laravel 8.x–9.x prior to 9.32.0. The vulnerability arises in the authentication path where hasValidCredentials in Illuminate\Auth\SessionGuard may return early when a user does not exist, enabling timeless timing attacks over HTTP/2 multiplexing and potential user...
CVE-2022-40482
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
Amazon Linux AMI : golang (ALAS-2023-1731)
The version of golang installed on the remote host is prior to 1.18.6-1.43. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1731 advisory. Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working...
Fedora 37 : gh / golang-github-cenkalti-backoff / golang-github-cli-crypto / etc (2023-cb20f08a4e)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-cb20f08a4e advisory. Update gh to 2.27.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for thi...
Amazon Linux 2 : golang, --advisory ALAS2-2023-2015 (ALAS-2023-2015)
The version of golang installed on the remote host is prior to 1.18.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2015 advisory. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable...
Advisory ROSA-SA-2023-2155
Software: modhttp2 1.15.7 OS: ROSA Virtualization 2.1 packageevrstring: 1.15.7 CVE-ID: CVE-2020-11993 BDU-ID: 2021-00779 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Apache HTTP Server's implementation of the HTTP/2 web server mechanism is related to inconsistent interpretation of http...
Security Bulletin: Golang Go vulnerability
Summary Golang Go is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in the Go server. By sending a specially-crafted keys, a remote attacker could exploit this...
Fedora 38 : skopeo (2023-ccaf5538dd)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ccaf5538dd advisory. Security fix for CVE-2022-41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 37 : skopeo (2023-28c182b657)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-28c182b657 advisory. Security fix for CVE-2022-41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...