433 matches found
MiracleLinux 9 : grafana-9.0.9-4.el9.ML.1 (AXSA:2023-6532:09)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6532:09 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 golang: net/http, x/net/http2: rapid...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2023-6520:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6520:01 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web server...
TencentOS Server 4: grafana-pcp (TSSA-2025:0439)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0439 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EUVD-2024-51057
Malicious code in bioql PyPI...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
K000152389: golang: net/http, x/net/http2 vulnerability CVE-2023-39325
Security Advisory Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allo...
Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2023-39325, CVE-2022-21698)
Summary github.com/prometheus/clientgolang, golang.org/x/net are dependency packages used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapid...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Throttling due to inadequate stream handling in http2 package ( CVE-2023-39325 )
Summary Potential vulnerabilities in http2 package CVE-2023-39325 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server...
TencentOS Server 4: golang (TSSA-2024:0627)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0627 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 3: grafana (TSSA-2023:0255)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0255 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Fedora: Security Advisory (FEDORA-2024-8580c06716)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Advisory ROSA-SA-2025-2831
Software: grafana 7.5.15 OS: ROSA Virtualization 3.0 packageevrstring: grafana-7.5.15-5.rv30 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...
Linux Distros Unpatched Vulnerability : CVE-2023-39325
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of...
OESA-2025-1182 etcd security update
%expand: Security Fixes: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows th...
openSUSE Security Advisory (SUSE-SU-2024:3342-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:3098-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-39325 affecting package jx for versions less than 3.10.182-1
CVE-2023-39325 affecting package jx for versions less than 3.10.182-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3
CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3. A patched version of the package is available...
CVE-2023-39325 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1
CVE-2023-39325 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl4-1
CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl4-1. An upgraded version of the package is available that resolves this issue...