5279 matches found

Amazon
added 2022/10/21 12:0 a.m. | 43 views

Important: golang-github-gorilla-mux

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

CVSS 9.3 | AI score 8.4 | EPSS 0.00963
Exploits: 7
OSV
added 2022/10/19 12:0 p.m. | 6 views

SUSE-SU-2022:3661-1 Security update for php8

This update for php8 fixes the following issues: - php8 was updated to version 8.0.24 - php8 was updated to version 8.0.23 (jsc#SLE-23639). - CVE-2021-21703: Fixed a local privilege escalation via PHP-FPM (bsc#1192050). - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while...

CVSS 7.8 | AI score 6.7 | EPSS 0.15416
Exploits: 3 | References: 8
Tenable Nessus
added 2022/10/14 12:0 a.m. | 155 views

Amazon Linux 2 : runc (ALASDOCKER-2022-020)

The version of runc installed on the remote host is prior to 1.1.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2022-020 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4...

CVSS 7.8 | AI score 7.3 | EPSS 0.00182
Exploits: 6 | References: 32
IBM Security Bulletins
added 2022/10/12 4:45 a.m. | 43 views

Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]

Summary Hortonworks DataFlow product for IBM has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45105, and CVE-2021-45046. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache...

CVSS 10 | AI score 10 | EPSS 0.94358
Exploits: 347 | Affected Software: 1
OpenVAS
added 2022/10/10 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2439)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 8.9 | EPSS 0.00074
Exploits: 2 | References: 2
Tenable Nessus
added 2022/10/10 12:0 a.m. | 22 views

EulerOS Virtualization 3.0.6.0 : vim (EulerOS-SA-2022-2594)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Out-of-bounds Read CVE-2021-4166, CVE-2021-4193 - vim is vulnerable to Use After Free CVE-2021-4192 - vim is...

CVSS 9.8 | AI score 7.1 | EPSS 0.01766
Exploits: 40 | References: 41
Tenable Nessus
added 2022/10/08 12:0 a.m. | 39 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-2439)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack...

CVSS 7.5 | AI score 7.1 | EPSS 0.00074
Exploits: 2 | References: 4
ATTACKERKB
added 2022/10/06 8:15 p.m. | 1 views

CVE-2022-27810

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

CVSS 7.5 | AI score 7.1 | EPSS 0.00334
Exploits: 0 | References: 3
NVD
added 2022/10/06 8:15 p.m. | 16 views

CVE-2022-27810

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

CVSS 7.5 | EPSS 0.00334
Exploits: 0 | References: 1
OSV
added 2022/10/06 8:15 p.m. | 28 views

CVE-2022-27810

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

CVSS 7.5 | AI score 6.8 | EPSS 0.00334
Exploits: 0 | References: 1
Prion
added 2022/10/06 8:15 p.m. | 15 views

Design/Logic Flaw

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

CVSS 5 | AI score 7.5 | EPSS 0.00334
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/10/06 12:0 a.m. | 14 views

CVE-2022-27810

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

AI score 7.7 | EPSS 0.00334
Exploits: 0 | References: 1
CNNVD
added 2022/10/06 12:0 a.m. | 4 views

Facebook Hermes Security Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client applications, but not for server-side infrastructures such as browsers & Node.js. A security vulnerability exists in...

CVSS 7.5 | AI score 7.3 | EPSS 0.00334
Exploits: 0 | References: 2
Tenable Nessus
added 2022/10/05 12:0 a.m. | 98 views

Debian DSA-5246-1 : mediawiki - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5246 advisory. - An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite...

CVSS 8.1 | AI score 6.6 | EPSS 0.01842
Exploits: 3 | References: 33
OSV
added 2022/10/04 7:31 a.m. | 7 views

SUSE-SU-2022:3493-1 Security update for libcroco

This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685)...

CVSS 7.1 | AI score 6.9 | EPSS 0.04749
Exploits: 1 | References: 3
Veracode
added 2022/09/28 5:39 a.m. | 27 views

Denial Of Service (DoS)

binutils,sid is vulnerable to denial of service. The vulnerability exists in libiberty/rust-demangle.c, which contained an uncontrolled recursion that allows an attacker to cause a denial of service by consuming excessive CPU and memory resources...

CVSS 5.5 | AI score 5.7 | EPSS 0.00232
Exploits: 1 | References: 2 | Affected Software: 8
Tenable Nessus
added 2022/09/23 12:0 a.m. | 34 views

EulerOS Virtualization 2.9.0 : vim (EulerOS-SA-2022-2405)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. CVE-2022-0696 - Use after free in utfptr2char in GitHub...

CVSS 8 | AI score 6.7 | EPSS 0.02861
Exploits: 44 | References: 45
Amazon
added 2022/09/20 12:0 a.m. | 30 views

Medium: krb5

Issue Overview: A flaw was found in krb5. MIT Kerberos 5 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit. CVE-2020-28196 Affected Packages: krb5 Note: This advisory is applicable to...

CVSS 7.5 | AI score 7.3 | EPSS 0.00955
Exploits: 0
Amazon
added 2022/09/20 12:0 a.m. | 56 views

Important: golang

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

CVSS 9.3 | AI score 8.2 | EPSS 0.00963
Exploits: 8
OSV
added 2022/09/19 9:15 p.m. | 1 views

DEBIAN-CVE-2022-28201

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message...

CVSS 4.4 | AI score 4.8 | EPSS 0.00067
Exploits: 1 | References: 1