what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

CVE-2022-2880

Status Candidate

Overview

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.

Related Files

Red Hat Security Advisory 2024-3254-03
Posted May 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3254-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2880
SHA-256 | 6bd4bccc41f931c4a80c6da9662fb3dfc9fa536c307358242e512dff724d8364
Ubuntu Security Notice USN-6038-2
Posted Jan 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-1705, CVE-2022-28131, CVE-2022-2879, CVE-2022-2880, CVE-2022-29526, CVE-2022-30629, CVE-2022-30631, CVE-2022-30633, CVE-2022-32148, CVE-2022-41717, CVE-2023-24537, CVE-2023-24538
SHA-256 | 96428fafe2ad31ad48b8e46a45e50a86a01fb944d7fa801a9d326ac37683dc05
Gentoo Linux Security Advisory 202311-09
Posted Nov 25, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41717, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404
SHA-256 | 7cd3fdaa4650cc67226eaaa58c1a34f9f619b6ed9f3c06868a9c23ebed7861b0
Red Hat Security Advisory 2023-4335-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4335-01 - The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-28805, CVE-2022-36227, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539
SHA-256 | 81b639b773dc9bc98d3be0e65210b5f630f2ddc9a2cc9d106f9c169b18da4f25
Red Hat Security Advisory 2023-4290-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2021-46848, CVE-2022-1271, CVE-2022-1304, CVE-2022-2509, CVE-2022-28805, CVE-2022-34903, CVE-2022-35737, CVE-2022-36227, CVE-2022-3715, CVE-2022-40303, CVE-2022-40304, CVE-2022-47629, CVE-2023-0464
SHA-256 | 1e2b8ec0277e95d223b5e93c67cebd05ba8613dd04c6a60f215d9837febfb0b2
Red Hat Security Advisory 2023-4003-01
Posted Jul 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-28327, CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400
SHA-256 | 3dd00e84e0da1c5c1edeaa0a26bd971bfab3a639be101a9c1603c4b46458cfce
Red Hat Security Advisory 2023-3915-01
Posted Jul 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-2995, CVE-2022-32149, CVE-2022-32190, CVE-2022-41715, CVE-2023-1370, CVE-2023-24329, CVE-2023-24540, CVE-2023-3089, CVE-2023-32067
SHA-256 | 983f22c13da7ac7e8ade2bd73150add682db932fc974bb432e054a1cc890dd94
Red Hat Security Advisory 2023-3905-01
Posted Jun 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3905-01 - Network Observability 1.3.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. This update contains bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-28805, CVE-2022-36227, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-24539, CVE-2023-24540, CVE-2023-2650, CVE-2023-27535, CVE-2023-29400
SHA-256 | 9c1a4b3b6b1779c22972b35dae1d77dc4ebc7de0dffbdefb344d5318801994ff
Red Hat Security Advisory 2023-3613-01
Posted Jun 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3613-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.22.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-32149, CVE-2022-32190, CVE-2022-41715
SHA-256 | c3f146d013ad79efb30eea96531b60720cba19094c875d1fec27a9591b05aeb5
Red Hat Security Advisory 2023-3664-01
Posted Jun 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3782, CVE-2021-46848, CVE-2022-1304, CVE-2022-1705, CVE-2022-2795, CVE-2022-28327, CVE-2022-2880, CVE-2022-32148, CVE-2022-35737, CVE-2022-36227, CVE-2022-3627, CVE-2022-3970, CVE-2022-41715, CVE-2022-41717
SHA-256 | dd336c3e2dc2db105e105127e1f2bbf79335a56f544ed3b31f07727c470cb571
Red Hat Security Advisory 2023-3644-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4235, CVE-2022-1705, CVE-2022-27664, CVE-2022-2795, CVE-2022-2879, CVE-2022-2880, CVE-2022-2995, CVE-2022-30631, CVE-2022-3162, CVE-2022-3172, CVE-2022-3204, CVE-2022-32148, CVE-2022-32189, CVE-2022-32190
SHA-256 | d08e0901464777bd733a3a8059ea4b335dfa9bfe8b9bacda0a47df5480ff08a7
Red Hat Security Advisory 2023-3645-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2021-43138, CVE-2022-24999, CVE-2022-25858, CVE-2022-27664, CVE-2022-2880, CVE-2022-36227, CVE-2022-39229, CVE-2022-41715, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361
SHA-256 | 3023d0e9a727cd7cb6e6e20ebd2258d11d98d83016ff62bc73e6192f91c39a04
Red Hat Security Advisory 2023-3642-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2021-42581, CVE-2022-1650, CVE-2022-1705, CVE-2022-21680, CVE-2022-21681, CVE-2022-24675, CVE-2022-24785, CVE-2022-26148, CVE-2022-27664, CVE-2022-28131, CVE-2022-28327, CVE-2022-2880, CVE-2022-29526, CVE-2022-30629
SHA-256 | 299c64208e7b0372bf38a7af4b78ae479c755f82d2b80c7932c562b81810811a
Red Hat Security Advisory 2023-3624-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2021-46848, CVE-2022-1304, CVE-2022-25147, CVE-2022-2795, CVE-2022-2880, CVE-2022-35737, CVE-2022-36227, CVE-2022-3627, CVE-2022-3970, CVE-2022-41715, CVE-2022-41717, CVE-2022-42898, CVE-2022-4304, CVE-2022-4450
SHA-256 | d2f80d582085aae75b12f07fd85ac399fe95b0c3197d108af14ac014209e5633
Red Hat Security Advisory 2023-3205-01
Posted May 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3205-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.0 images. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-32149, CVE-2022-32189, CVE-2022-32190, CVE-2022-41715, CVE-2022-41717
SHA-256 | 4a34dffe5fe9a55229a283a656ce8bd4866b959518034a1c1e0f3cd63f69b2f6
Red Hat Security Advisory 2023-2780-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2780-01 - Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41717
SHA-256 | 676edf27dc6043c0fe32e0a0c3693ef1c60c596ad51ae34e163fed07eb21da6a
Red Hat Security Advisory 2023-2784-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2784-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-27664, CVE-2022-2880, CVE-2022-39229, CVE-2022-41715
SHA-256 | a8f1ab5599e8950135e32e3d9ef7dd35bdbe09883bc89e41cd92d903d492aea3
Red Hat Security Advisory 2023-2866-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2866-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2022-2880, CVE-2022-41715, CVE-2022-41717
SHA-256 | 82071deb37de011938ed47108a0041f8ccf53784d009dffb14e81247b7a7d408
Red Hat Security Advisory 2023-2204-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2204-01 - Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41717
SHA-256 | 6ec169c1f0d0f724af4154a32732f4fc5c348e2a8ee3490c10a9bdc39ffc1378
Red Hat Security Advisory 2023-2582-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2582-01 - The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-28805
SHA-256 | 07d02c2cdcc025f64d5bfc8ef5504fe6334f6db751b82d9cf4768747227c0883
Red Hat Security Advisory 2023-2357-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2357-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Issues addressed include a denial of service vulnerability.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2022-1705, CVE-2022-27664, CVE-2022-2880, CVE-2022-30630, CVE-2022-30632, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189, CVE-2022-41715, CVE-2022-41717
SHA-256 | 9140faf074cda7ac19efb48b3148896fb61acf0a9b2cbb63cd55a246caf4594a
Red Hat Security Advisory 2023-2167-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2167-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-27664, CVE-2022-2880, CVE-2022-35957, CVE-2022-39229, CVE-2022-41715
SHA-256 | 2ed45855838590ec2be67d292e8c06e401e9b8bc47f6530cf4ea451cd0b8dbe3
Gentoo Linux Security Advisory 202305-23
Posted May 3, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-23 - Multiple vulnerabilities have been discovered in Lua, the worst of which could result in arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-5461, CVE-2021-44647, CVE-2022-28805
SHA-256 | 00aefb3377c44926da8759cd1d9a0caff52ef4beac1d0f7f4a215d7820e9e283
Red Hat Security Advisory 2023-2041-01
Posted Apr 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-4235, CVE-2022-1705, CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-2995, CVE-2022-30631, CVE-2022-3162, CVE-2022-31690, CVE-2022-3172, CVE-2022-32148, CVE-2022-32189, CVE-2022-32190, CVE-2022-3259
SHA-256 | cdceaf94ffb5f08d7907643b99fcb01c885eb8b1a5f5162002e04ee9e67c6574
Ubuntu Security Notice USN-6038-1
Posted Apr 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6038-1 - It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2022-1705, CVE-2022-28131, CVE-2022-2879, CVE-2022-2880, CVE-2022-29526, CVE-2022-30629, CVE-2022-30630, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2022-41717, CVE-2023-24534, CVE-2023-24538
SHA-256 | d693c7af1fb087931225b61859ba4862bde511f2a7551346eb8eb6777bf0309d
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close