81 matches found
PT-2023-6302
Name of the Vulnerable Software and Affected Versions Go http2 package affected versions not specified Description A malicious HTTP/2 client can cause excessive server resource consumption by rapidly creating requests and immediately resetting them. This allows the attacker to create a new reques...
Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2023-282)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-282 advisory. 2023-10-12: CVE-2023-4785 was added to this advisory. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table...
Fedora 37 : grpc (2023-6cad6e5003)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6cad6e5003 advisory. Security fix for CVE-2023-32732 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
gRPC connection termination issue
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
gRPC connection termination issue
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
CVE-2023-32732
CVE-2023-32732: gRPC vulnerability where a base64 encoding error for -bin suffixed headers can cause the gRPC server to terminate a connection with an HTTP/2 proxy, potentially affecting availability (LOW). Root cause described as a header encoding mishap that proxies may still allow, with remedi...
CVE-2023-22551
The FTP aka "Implementation of a simple FTP client and server" project through 96c1a35 allows remote attackers to cause a denial of service memory consumption by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not...
CVE-2022-35272
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework MRF virtual server, undisclosed traffic may cause the Traffic Management Microkernel TMM to produce a core file and the connection to terminate...
CVE-2022-35272 BIG-IP HTTP MRF vulnerability CVE-2022-35272
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework MRF virtual server, undisclosed traffic may cause the Traffic Management Microkernel TMM to produce a core file and the connection to terminate...
SUSE: Security Advisory (SUSE-SU-2020:14551-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:3568-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:3632-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2020:3568-1)
This update for mutt fixes the following issues : CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 Note that Tenable Network Securi...
SUSE SLES12 Security Update : mutt (SUSE-SU-2020:3632-1)
This update for mutt fixes the following issues : Find and display the content of messages properly. bsc1179461 CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. bsc1179035 Avoid that message with a million tiny parts can freeze MUA for several...
SUSE-SU-2020:3632-1 Security update for mutt
This update for mutt fixes the following issues: - Find and display the content of messages properly. bsc1179461 - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for...
openSUSE Security Update : mutt (openSUSE-2020-2128)
This update for mutt fixes the following issues : - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 This update was imported fro...
openSUSE Security Update : mutt (openSUSE-2020-2141)
This update for mutt fixes the following issues : - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 This update was imported fro...
OPENSUSE-SU-2020:2141-1 Security update for mutt
This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 This update was imported from...
OPENSUSE-SU-2020:2128-1 Security update for mutt
This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113 This update was imported from...
SUSE-SU-2020:3568-1 Security update for mutt
This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections bsc1179035 - Avoid that message with a million tiny parts can freeze MUA for several minutes bsc1179113...