EUVD-2022-4104

Malicious code in bioql PyPI...

RHEL 7 / 8 : OpenShift Virtualization 4.9.0 RPMs (RHSA-2021:4103)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4103 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...

BIT-GOLANG-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

K55518036: GO vulnerability CVE-2021-31525

Security Advisory Description net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVE-2021-31525 Impact There...

GHSA-H86H-8PPG-MXMH golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion

golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion

golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

Uncontrolled Recursion

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

Uncontrolled Recursion

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

RHEL 7 : OpenShift Container Storage 3.11.z (RHSA-2022:0308)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0308 advisory. The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services...

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security, bug fix, and enhancement update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE: Security Advisory (SUSE-SU-2021:2085-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server Transport and Client can each be affected in some configurations.

...

CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

UBUNTU-CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

go -- net/http: ReadRequest can stack overflow due to recursion with very large headers

The Go project reports: http.ReadRequest can stack overflow due to recursion when given a request with a very large header 8-10MB depending on the architecture. A http.Server which overrides the default max header of 1MB by setting Server.MaxHeaderBytes to a much larger value could also be...

CVE-2007-4980

The readRequest method in org/gcaldaemon/core/http/HTTPListener.java in GCALDaemon 1.0-beta13 allows remote attackers to cause a denial of service via a large integer value in the Content-Length HTTP header, which triggers a fatal Java OutOfMemoryError...