Fedora 36 : golang-github-google-dap (2023-cb3a59a3df)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-cb3a59a3df advisory. Update go-dap to 0.7.0, also fix CVE-2022-41717. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.7 security and bug fix update
OpenShift API for Data Protection (OADP) 1.0.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Fedora 37 : golang-github-google-dap (2023-8ecc0e487e)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8ecc0e487e advisory. Update go-dap to 0.7.0, also fix CVE-2022-41717. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Amazon Linux 2 : golang, golang-bin, golang-misc (ALAS-2023-1926)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1926 advisory. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries ...
Medium: golang
Issue Overview: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the...
Fedora 37 : syncthing (2023-70eb8ba61e)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-70eb8ba61e advisory. Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of...
Fedora 36 : syncthing (2023-6d71ff268e)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6d71ff268e advisory. Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of...
CVE-2023-22664
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note:...
Design/Logic Flaw
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note:...
CVE-2023-22664
This CVE concerns F5 BIG-IP: when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, an undisclosed request can cause memory resource utilization to spike, potentially degrading performance or causing a DoS. Affected versions include BIG-IP 17.0.x before 17.0.0.2,...
CVE-2023-22664 BIG-IP HTTP/2 profile vulnerability
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note:...
K000130496: Overview of F5 vulnerabilities (February 2023)
Security Advisory Description: On February 1, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
K56676554: BIG-IP HTTP/2 profile vulnerability CVE-2023-22664
Security Advisory Description: When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2023-22664. Impact: System performance can degrade until the Traffic Management Microkernel...
F5 BIG-IP HTTP/2 profile denial of service vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP/2 profile, when enabling the client HTTP/2 profile and HTTP MR...
Fedora 36 : caddy (2023-0fff8bc164)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0fff8bc164 advisory. Rebuild for CVE-2022-41717 in golang. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Fedora 36 : git-credential-oauth (2023-2663dc67d8)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2663dc67d8 advisory. Rebuild for security fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
Fedora 37 : caddy (2023-322314ad50)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-322314ad50 advisory. Rebuild for CVE-2022-41717 in golang. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Fedora 37 : git-credential-oauth (2023-267503a090)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-267503a090 advisory. New upstream version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...
Debian: Security Advisory (DSA-5334-1)
The remote host is missing an update for the Debian...