Lucene search
K

433 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.12 views

MiracleLinux 9 : grafana-9.0.9-4.el9.ML.1 (AXSA:2023-6532:09)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6532:09 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 golang: net/http, x/net/http2: rapid...

7.5CVSS7.6AI score0.99999EPSS
Exploits19References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.10 views

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2023-6520:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6520:01 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web server...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References3
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.12 views

TencentOS Server 4: grafana-pcp (TSSA-2025:0439)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0439 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.1CVSS7.5AI score0.99999EPSS
Exploits22References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-51057

Malicious code in bioql PyPI...

6.5CVSS7.1AI score0.00467EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/09/25 12:9 a.m.5 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
F5 Networks
F5 Networks
added 2025/07/03 3:44 p.m.13 views

K000152389: golang: net/http, x/net/http2 vulnerability CVE-2023-39325

Security Advisory Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allo...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/03 9:34 a.m.6 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2023-39325, CVE-2022-21698)

Summary github.com/prometheus/clientgolang, golang.org/x/net are dependency packages used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapid...

7.5CVSS7.5AI score0.05994EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/16 9:14 a.m.6 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Throttling due to inadequate stream handling in http2 package ( CVE-2023-39325 )

Summary Potential vulnerabilities in http2 package CVE-2023-39325 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server...

7.5CVSS7.4AI score0.03796EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.2 views

TencentOS Server 4: golang (TSSA-2024:0627)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0627 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.1CVSS7.7AI score0.03796EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.5 views

TencentOS Server 3: grafana (TSSA-2023:0255)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0255 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References3
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2024-8580c06716)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.03796EPSS
Exploits0References8
Rosalinux
Rosalinux
added 2025/04/11 9:55 p.m.17 views

Advisory ROSA-SA-2025-2831

Software: grafana 7.5.15 OS: ROSA Virtualization 3.0 packageevrstring: grafana-7.5.15-5.rv30 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...

7.5CVSS8.5AI score0.99999EPSS
Exploits19
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2023-39325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References4
OSV
OSV
added 2025/02/28 3:32 p.m.11 views

OESA-2025-1182 etcd security update

%expand: Security Fixes: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows th...

7.5CVSS6.8AI score0.03796EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.24 views

openSUSE Security Advisory (SUSE-SU-2024:3342-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.99999EPSS
Exploits20References13
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.23 views

openSUSE Security Advisory (SUSE-SU-2024:3098-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.99999EPSS
Exploits20References8
CBLMariner
CBLMariner
added 2025/02/19 8:5 p.m.11 views

CVE-2023-39325 affecting package jx for versions less than 3.10.182-1

CVE-2023-39325 affecting package jx for versions less than 3.10.182-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS8.1AI score0.03796EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/02/19 8:5 p.m.7 views

CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3

CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3. A patched version of the package is available...

7.5CVSS8.2AI score0.03796EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/02/11 4:7 p.m.5 views

CVE-2023-39325 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1

CVE-2023-39325 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS8.1AI score0.03796EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/02/11 4:7 p.m.8 views

CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl4-1

CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl4-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS8.1AI score0.03796EPSS
Exploits0
Rows per page
Query Builder