4433 matches found

RedHat Linux
added 2023/03/08 5:10 p.m. | 48 views

Moderate: Red Hat Security Advisory: Logging Subsystem 5.4.12 - Red Hat OpenShift

Logging Subsystem 5.4.12 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 5.3 | AI score 6.8 | EPSS 0.05623
Exploits: 0 | References: 2
Tenable Nessus
added 2023/03/08 12:00 a.m. | 32 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1442)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header...

CVSS 5.3 | AI score 7.1 | EPSS 0.05623
Exploits: 0 | References: 2
Tenable Nessus
added 2023/03/08 12:00 a.m. | 28 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2023-1505)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during...

CVSS 7.5 | AI score 7 | EPSS 0.02513
Exploits: 1 | References: 4
Tenable Nessus
added 2023/03/08 12:00 a.m. | 27 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1467)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header...

CVSS 5.3 | AI score 7.1 | EPSS 0.05623
Exploits: 0 | References: 2
Tenable Nessus
added 2023/03/07 12:00 a.m. | 26 views

Fedora 37 : golang-github-projectdiscovery-chaos-client (2023-8b700042ac)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8b700042ac advisory. Update to 0.4.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVSS 5.3 | AI score 7 | EPSS 0.05623
Exploits: 0 | References: 2
RedHat Linux
added 2023/03/06 4:23 p.m. | 62 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container) security update

An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...

CVSS 7.5 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | References: 5
Debian
added 2023/03/03 4:35 p.m. | 45 views

[SECURITY] [DLA 3351-1] apache2 security update

Debian LTS Advisory DLA-3351-1 [email protected] https://www.debian.org/lts/security/ Lee Garrett March 03, 2023 https://wiki.debian.org/LTS -...

CVSS 9 | AI score 8.8 | EPSS 0.57941
Exploits: 1
IBM Security Bulletins
added 2023/03/03 3:33 p.m. | 36 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-41717 in Go

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-41717 in Go with details below. Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in th...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | Affected Software: 2
OSV
added 2023/02/28 6:15 p.m. | 27 views

CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 15
NVD
added 2023/02/28 6:15 p.m. | 25 views

CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 7.5 | EPSS 0.04561
Exploits: 0 | References: 15
UbuntuCve
added 2023/02/28 6:15 p.m. | 58 views

CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 6.8 | EPSS 0.04561
Exploits: 0 | References: 7
Prion
added 2023/02/28 6:15 p.m. | 30 views

Code injection

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 5 | AI score 7.4 | EPSS 0.04561
Exploits: 0 | References: 14 | Affected Software: 3
Vulnrichment
added 2023/02/28 5:19 p.m. | 8 views

CVE-2022-41723 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

AI score 6.9 | EPSS 0.04561
Exploits: 0 | References: 14
Debian CVE
added 2023/02/28 5:19 p.m. | 49 views

CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 6.5 | EPSS 0.04561
Exploits: 0
Cvelist
added 2023/02/28 5:19 p.m. | 36 views

CVE-2022-41723 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

AI score 7.6 | EPSS 0.04561
Exploits: 0 | References: 14
AlpineLinux
added 2023/02/28 5:19 p.m. | 74 views

CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

CVSS 7.5 | AI score 7.8 | EPSS 0.04561
Exploits: 0
CVE
added 2023/02/28 5:19 p.m. | 712 views

CVE-2022-41723

CVE-2022-41723 describes a denial-of-service in the HPACK decoder triggered by a malicious HTTP/2 stream, causing excessive CPU use. Public documents list affected ecosystems across Go HTTP/2/x/net implementations and various distributions (e.g., Red Hat OpenStack platforms, Astra Linux, CBLMarin...

CVSS 7.5 | AI score 7.7 | EPSS 0.04561
Exploits: 0 | References: 15 | Affected Software: 3
Veracode
added 2023/02/26 12:22 p.m. | 37 views

Denial Of Service (DoS)

github.com/golang/net is vulnerable to Denial of Service (DoS) attacks. An attacker is able to cause excessive CPU consumption through the HPACK decoder via a small number of maliciously crafted HTTP/2 stream requests, resulting in an application crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.04561
Exploits: 0 | References: 18 | Affected Software: 2
Github Security Blog
added 2023/02/23 9:30 p.m. | 46 views

Undertow client not checking server identity presented by server certificate in https connections

The undertow client is not checking the server identity presented by the server certificate in https connections. This should be performed by default in https and in http/2...

CVSS 7.5 | AI score 7.5 | EPSS 0.00596
Exploits: 0 | References: 12 | Affected Software: 1
OSV
added 2023/02/23 9:30 p.m. | 37 views

GHSA-PFCC-3G6R-8RG8 Undertow client not checking server identity presented by server certificate in https connections

The undertow client is not checking the server identity presented by the server certificate in https connections. This should be performed by default in https and in http/2...

CVSS 9.8 | AI score 7.4 | EPSS 0.00596
Exploits: 0 | References: 11