Количество 86
Количество 86
ROS-20240902-15
Уязвимость nomad
RLSA-2024:7349
Moderate: grafana security update
GHSA-hw49-2p59-3mhj
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
ELSA-2024-7349
ELSA-2024-7349: grafana security update (MODERATE)
BDU:2024-06680
Уязвимость модуля net/http языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании
ROS-20241024-01
Уязвимость golang
ELSA-2024-9089
ELSA-2024-9089: containernetworking-plugins security update (MODERATE)
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24789
Mishandling of corrupt central directory record in archive/zip
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip fil ...
ELSA-2024-5258
ELSA-2024-5258: container-tools:ol8 security update (IMPORTANT)
ROS-20240902-16
Множественные уязвимости consul
RLSA-2024:9135
Moderate: toolbox security update
RLSA-2024:6913
Important: golang security update
ELSA-2024-6913
ELSA-2024-6913: golang security update (IMPORTANT)
ELSA-2024-6908
ELSA-2024-6908: go-toolset:ol8 security update (IMPORTANT)
ELSA-2024-6969
ELSA-2024-6969: container-tools:ol8 security update (MODERATE)
ELSA-2025-7256
ELSA-2025-7256: git-lfs security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | ROS-20240902-15 Уязвимость nomad | CVSS3: 5.9 | 1% Низкий | около 1 года назад |
 | RLSA-2024:7349 Moderate: grafana security update | 1% Низкий | 12 месяцев назад | |
| GHSA-hw49-2p59-3mhj The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. | 1% Низкий | больше 1 года назад | |
| ELSA-2024-7349 ELSA-2024-7349: grafana security update (MODERATE) | около 1 года назад | ||
 | BDU:2024-06680 Уязвимость модуля net/http языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.9 | 1% Низкий | около 1 года назад |
| ROS-20241024-01 Уязвимость golang | CVSS3: 5.9 | 1% Низкий | 12 месяцев назад |
| ELSA-2024-9089 ELSA-2024-9089: containernetworking-plugins security update (MODERATE) | 11 месяцев назад | ||
 | CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-24789 Mishandling of corrupt central directory record in archive/zip | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip fil ... | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
| ELSA-2024-5258 ELSA-2024-5258: container-tools:ol8 security update (IMPORTANT) | около 1 года назад | ||
| ROS-20240902-16 Множественные уязвимости consul | CVSS3: 6.5 | около 1 года назад | |
| RLSA-2024:9135 Moderate: toolbox security update | 7 месяцев назад | ||
| RLSA-2024:6913 Important: golang security update | около 1 года назад | ||
| ELSA-2024-6913 ELSA-2024-6913: golang security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-6908 ELSA-2024-6908: go-toolset:ol8 security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-6969 ELSA-2024-6969: container-tools:ol8 security update (MODERATE) | около 1 года назад | ||
| ELSA-2025-7256 ELSA-2025-7256: git-lfs security update (MODERATE) | 5 месяцев назад |
Уязвимостей на страницу