Debian dla-3385 : trafficserver - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3385 advisory. Debian LTS Advisory DLA-3385-1 [email protected]...
CVE-2023-27491
A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service...
Security Bulletin: Operations Dashboard is vulnerable to denial of service due to multiple vulnerabilities in Go
Summary Operations Dashboard is vulnerable to denial of service due to multiple vulnerabilities in Go with details below. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sendin...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-41717)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go caused by a flaw when handling HTTP/2 requests in the Go server. CVE-2022-41717. Golang Go is included as an operator as part of the Base OS used by our service images. Please...
Fedora 38 : reposurgeon (2023-76d18cf2fa)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-76d18cf2fa advisory. 4.35: 2023-03-21 - Document an important gotcha about working with CVS. Clean up some annoyances in the build and test machinery. 4.34: 2023-01-24 - Change...
Moderate: Red Hat Security Advisory: Logging Subsystem for Red Hat OpenShift - 5.5.9 security update
An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2022-41717)
Summary This security vulnerability affects the memory growth in Go before version 1.18.9 that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in the Go server. By...
Mageia: Security Advisory (MGASA-2023-0109)
The remote host is missing an update for the...
Updated golang packages fix security vulnerability
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. CVE-2022-41723 Large handshake records may cause panics in crypto/tls. CVE-2022-41724 Denial of service from excessive...
MGASA-2023-0109 Updated golang packages fix security vulnerability
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. CVE-2022-41723 Large handshake records may cause panics in crypto/tls. CVE-2022-41724 Denial of service from excessive...
Fedora 38 : gmailctl (2023-8c02aee138)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8c02aee138 advisory. Rebuild for CVE-20220-3064,41717,41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 37 : gmailctl (2023-ca444fdecf)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ca444fdecf advisory. Rebuild for CVE-20220-3064,41717,41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 36 : gmailctl (2023-abb47e24d8)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-abb47e24d8 advisory. Rebuild for CVE-20220-3064,41717,41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-1583)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-142)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-142 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-1573)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header...
SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0871-1 advisory. This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2023:0869-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0869-1 advisory. - CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http bsc1208270. -...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1549)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1524)
The remote host is missing an update for the Huawei EulerOS...