16 matches found
EUVD-2022-52460
Malicious code in bioql PyPI...
The vulnerability of the `ticket_age_add` function in the Go programming language allows a violator to gain unauthorized access to session identifiers.
The vulnerability of the `ticket_age_add` function in the Go programming language is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to session identifiers...
USN-6038-2 golang-1.13, golang-1.16 vulnerabilities
USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...
USN-6038-1 golang-1.18 vulnerabilities
It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-1705 It was discovered that Go did not properly manage memory under certain...
SUSE CVE-2022-30629
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
golang: crypto/tls: session tickets lack random ticket_age_add
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...
golang: crypto/tls: session tickets lack random ticket_age_add
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...
DEBIAN-CVE-2022-30629
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
AZL-10550 CVE-2022-30629 affecting package golang for versions less than 1.18.5-1
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
Session fixation
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
CVE-2022-30629
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
UBUNTU-CVE-2022-30629
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
Information Exposure
Overview: std/crypto/tls is a Go standard library package. Affected versions of this package are vulnerable to Information Exposure. Go Vulnerability Report: An attacker can correlate a resumed TLS session with a previous connection. Session tickets generated by crypto/tls do not...
MGASA-2022-0231 Updated golang packages fix security vulnerability
crypto/tls: session tickets lack random ticket_age_add. Session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
OTRS < 3.0.0-beta7 Ticket Age Remote DoS Vulnerability
Open Ticket Request System (OTRS) is prone to a denial of service (DoS) vulnerability...
DEBIAN-CVE-2010-4759
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search...