Количество 91
Количество 91
ROS-20240902-15
Уязвимость nomad
RLSA-2024:7349
Moderate: grafana security update
GHSA-hw49-2p59-3mhj
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
ELSA-2024-7349
ELSA-2024-7349: grafana security update (MODERATE)
BDU:2024-06680
Уязвимость модуля net/http языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании
ROS-20241024-01
Уязвимость golang
ELSA-2024-9089
ELSA-2024-9089: containernetworking-plugins security update (MODERATE)
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24789
Mishandling of corrupt central directory record in archive/zip
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip fil ...
RLSA-2024:5258
Important: container-tools:rhel8 security update
ELSA-2024-5258
ELSA-2024-5258: container-tools:ol8 security update (IMPORTANT)
ROS-20240902-16
Множественные уязвимости consul
RLSA-2024:9135
Moderate: toolbox security update
RLSA-2024:6913
Important: golang security update
RLSA-2024:6908
Important: go-toolset:rhel8 security update
ELSA-2024-6913
ELSA-2024-6913: golang security update (IMPORTANT)
ELSA-2024-6908
ELSA-2024-6908: go-toolset:ol8 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | ROS-20240902-15 Уязвимость nomad | CVSS3: 5.9 | 1% Низкий | больше 1 года назад |
 | RLSA-2024:7349 Moderate: grafana security update | 1% Низкий | около 1 года назад | |
| GHSA-hw49-2p59-3mhj The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. | 1% Низкий | больше 1 года назад | |
| ELSA-2024-7349 ELSA-2024-7349: grafana security update (MODERATE) | около 1 года назад | ||
 | BDU:2024-06680 Уязвимость модуля net/http языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.9 | 1% Низкий | больше 1 года назад |
| ROS-20241024-01 Уязвимость golang | CVSS3: 5.9 | 1% Низкий | около 1 года назад |
| ELSA-2024-9089 ELSA-2024-9089: containernetworking-plugins security update (MODERATE) | около 1 года назад | ||
 | CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-24789 Mishandling of corrupt central directory record in archive/zip | CVSS3: 5.3 | 0% Низкий | 3 месяца назад |
| CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip fil ... | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
| RLSA-2024:5258 Important: container-tools:rhel8 security update | больше 1 года назад | ||
| ELSA-2024-5258 ELSA-2024-5258: container-tools:ol8 security update (IMPORTANT) | больше 1 года назад | ||
| ROS-20240902-16 Множественные уязвимости consul | CVSS3: 6.5 | больше 1 года назад | |
| RLSA-2024:9135 Moderate: toolbox security update | 9 месяцев назад | ||
| RLSA-2024:6913 Important: golang security update | около 1 года назад | ||
| RLSA-2024:6908 Important: go-toolset:rhel8 security update | около 1 года назад | ||
| ELSA-2024-6913 ELSA-2024-6913: golang security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-6908 ELSA-2024-6908: go-toolset:ol8 security update (IMPORTANT) | около 1 года назад |
Уязвимостей на страницу