Lucene search
K

81 matches found

Positive Technologies
Positive Technologies
added 2023/10/06 12:0 a.m.13 views

PT-2023-6302

Name of the Vulnerable Software and Affected Versions Go http2 package affected versions not specified Description A malicious HTTP/2 client can cause excessive server resource consumption by rapidly creating requests and immediately resetting them. This allows the attacker to create a new reques...

7.8CVSS6.6AI score0.03796EPSS
Exploits0References376
Tenable Nessus
Tenable Nessus
added 2023/08/14 12:0 a.m.33 views

Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2023-282)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-282 advisory. 2023-10-12: CVE-2023-4785 was added to this advisory. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table...

7.5CVSS7.1AI score0.00666EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/07/23 12:0 a.m.26 views

Fedora 37 : grpc (2023-6cad6e5003)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6cad6e5003 advisory. Security fix for CVE-2023-32732 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

5.3CVSS7.3AI score0.00531EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/07/06 9:15 p.m.48 views

gRPC connection termination issue

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

5.3CVSS5.3AI score0.00531EPSS
Exploits0References10Affected Software3
RubySec
RubySec
added 2023/07/06 12:0 a.m.34 views

gRPC connection termination issue

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

5.3CVSS6.9AI score0.00531EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/09 10:48 a.m.2937 views

CVE-2023-32732

CVE-2023-32732: gRPC vulnerability where a base64 encoding error for -bin suffixed headers can cause the gRPC server to terminate a connection with an HTTP/2 proxy, potentially affecting availability (LOW). Root cause described as a header encoding mishap that proxies may still allow, with remedi...

5.3CVSS5.5AI score0.00531EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/01/01 12:0 a.m.25 views

CVE-2023-22551

The FTP aka "Implementation of a simple FTP client and server" project through 96c1a35 allows remote attackers to cause a denial of service memory consumption by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not...

7.6AI score0.01514EPSS
Exploits1References1
OSV
OSV
added 2022/08/04 6:15 p.m.3 views

CVE-2022-35272

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework MRF virtual server, undisclosed traffic may cause the Traffic Management Microkernel TMM to produce a core file and the connection to terminate...

5.5CVSS5.8AI score0.00418EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/08/04 5:49 p.m.25 views

CVE-2022-35272 BIG-IP HTTP MRF vulnerability CVE-2022-35272

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework MRF virtual server, undisclosed traffic may cause the Traffic Management Microkernel TMM to produce a core file and the connection to terminate...

7.5CVSS7.7AI score0.00418EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.17 views

SUSE: Security Advisory (SUSE-SU-2020:14551-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.7AI score0.02323EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2020:3568-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.7AI score0.02323EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2020:3632-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.7AI score0.02323EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.38 views

SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2020:3568-1)

This update for mutt fixes the following issues : CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 Note that Tenable Network Securi...

5.3CVSS5.6AI score0.02323EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.31 views

SUSE SLES12 Security Update : mutt (SUSE-SU-2020:3632-1)

This update for mutt fixes the following issues : Find and display the content of messages properly. bsc1179461 CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. bsc1179035 Avoid that message with a million tiny parts can freeze MUA for several...

5.3CVSS5.6AI score0.02323EPSS
Exploits0References6
OSV
OSV
added 2020/12/07 10:50 a.m.6 views

SUSE-SU-2020:3632-1 Security update for mutt

This update for mutt fixes the following issues: - Find and display the content of messages properly. bsc1179461 - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for...

5.3CVSS5.4AI score0.02323EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/12/07 12:0 a.m.29 views

openSUSE Security Update : mutt (openSUSE-2020-2128)

This update for mutt fixes the following issues : - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 This update was imported fro...

5.3CVSS5.6AI score0.02323EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/12/03 12:0 a.m.26 views

openSUSE Security Update : mutt (openSUSE-2020-2141)

This update for mutt fixes the following issues : - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 This update was imported fro...

5.3CVSS5.6AI score0.02323EPSS
Exploits0References3
OSV
OSV
added 2020/12/01 5:7 p.m.3 views

OPENSUSE-SU-2020:2141-1 Security update for mutt

This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 This update was imported from...

5.3CVSS5.7AI score0.02323EPSS
Exploits0References4
OSV
OSV
added 2020/12/01 12:42 a.m.9 views

OPENSUSE-SU-2020:2128-1 Security update for mutt

This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 This update was imported from...

5.3CVSS5.7AI score0.02323EPSS
Exploits0References4
OSV
OSV
added 2020/11/30 3:59 p.m.6 views

SUSE-SU-2020:3568-1 Security update for mutt

This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113...

5.3CVSS5.4AI score0.02323EPSS
Exploits0References4
Rows per page
Query Builder