17 matches found
openSUSE 16 Security Update : go1.24 (openSUSE-SU-2026:20077-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20077-1 advisory. Update to go1.24.12 released 2026-01-15 bsc1236217 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the...
Fedora 43 : rpki-client (2026-0d27571013)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0d27571013 advisory. rpki-client 9.7 - The Canonical Cache Representation underwent a breaking change after the adoption of...
EUVD-2024-53378
Malicious code in bioql PyPI...
EUVD-2023-55065
Malicious code in bioql PyPI...
SUSE: Security Advisory (SUSE-SU-2024:3404-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...
Important: Red Hat Security Advisory: container-tools:rhel8 security update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2024-697)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-697 advisory. 2024-08-28: CVE-2024-24790 was added to this advisory. 2024-08-09: CVE-2023-47108 was removed from this advisory. 2024-08-09: The severity of this advisory has been changed from Important to...
ALSA-2024:2368 Moderate: mod_http2 security update
The modhttp2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modhttp2: DoS in HTTP/2 with initial window size 0 CVE-2023-43622 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802 For mo...
CVE-2023-45290 Memory exhaustion in multipart form parsing in net/textproto and net/http
When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...
CVE-2023-45290 Memory exhaustion in multipart form parsing in net/textproto and net/http
When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...
SUSE-SU-2023:1566-1 Security update for containerd
This update for containerd fixes the following issues: - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak bsc1206235. - Re-build containerd to use updated golang-packaging jsc1342. - Update to containerd v1.6.16 for Docker v23.0.0-ce...
SUSE-SU-2019:2335-1 Security update for python-Django1
This update for python-Django1 to version 1.11.23 fixes the following issues: - CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' bsc1142880. - CVE-2019-14233: Fixed a denial of service in striptags bsc1142882. - CVE-2019-14234: Fixed an SQL injection in key and index...
OPENSUSE-SU-2019:1839-1 Security update for python-Django
This update for python-Django fixes the following issues: Security issues fixed: - CVE-2019-11358: Fixed prototype pollution. - CVE-2019-12308: Fixed XSS in AdminURLFieldWidget bsc1136468 - CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS bsc1139945. -...
SUSE-SU-2019:1215-1 Security update for python-Django1
This update for python-Django1 fixes the following issue: Security issue fixed: - CVE-2019-6975: Fixed memory exhaustion in django.utils.numberformat.format bsc1124991...
Fedora 29 : python2-django1.11 (2019-f528d75a69)
Update to the 1.11.20 security fix release Fixes CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
SUSE-SU-2017:2243-1 Security update for freeradius-server
This update for freeradius fixes the following issues: Security issues fixed: - CVE-2017-10988: Decode 'signed' attributes correctly. bnc1049086 - CVE-2017-10987: Check for option overflowing the packet. bnc1049086 - CVE-2017-10985: Fix infinite loop and memory exhaustion with 'concat' attributes...