RLSA-2024:5654 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak (CVE-2024-2398). For more details about the security issues, including the impact, a CVS...
curl security update
An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The curl packages provide the libcurl library and the curl utility for downloadi...
Early 2025 DDoS Attacks Signal a Dangerous Trend in Cybersecurity
As we enter 2025, the threat landscape continues to evolve, with Distributed Denial of Service (DDoS) attacks growing in both scale and sophistication. So far this year, we’ve already seen several major DDoS attacks over 5 million Requests Per Second (RPS), signaling a concerning trend for...
K000140919: BIG-IP HTTP/2 vulnerability CVE-2025-36504
Security Advisory Description: When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization (CVE-2025-36504). Impact: System performance can degrade until the Traffic Management Microkernel (TMM) process is either...
K000140968: BIG-IP HTTP/2 vulnerability CVE-2025-41414
Security Advisory Description: When HTTP/2 client and server profiles are simultaneously configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate (CVE-2025-41414). Impact: Traffic is disrupted while the TMM process restarts. This vulnerability...
PT-2025-20307 · F5 · Big-Ip +2
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Recommendations: At the moment, there is no information about a newe...
F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000140919)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2. It is, therefore, affected by a vulnerability as referenced in the K000140919 advisory. When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increas...
F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000140968)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5 / 17.1.2 / Hotfix-BIGIP-15.1.10.7.0.4.5-ENG.iso. It is, therefore, affected by a vulnerability as referenced in the K000140968 advisory. When HTTP/2 client and server profiles are simultaneously configured on a...
MGASA-2025-0145 Updated tomcat packages fix security vulnerabilities
DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650). Bypass of rules in Rewrite Valve (CVE-2025-31651)...
Updated tomcat packages fix security vulnerabilities
DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650). Bypass of rules in Rewrite Valve (CVE-2025-31651)...
curl: HTTP/2 CONTINUATION Flood Vulnerability
0x00 Vulnerability Overview: Fatal Flaw in HTTP/2 Protocol Stack 1. HTTP/2 Header Block Fragmentation Mechanism RFC 7540 Specification: Header blocks are transmitted using a HEADERS frame followed by one or more CONTINUATION frames. All frames must belong to the same stream and be sent...
Exploit for Incomplete Cleanup in Apache Tomcat
TomcatKiller - CVE-2025-31650 🚨 Proof of Concept (PoC) for Ap...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-059)
The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-059 advisory. In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2...
USN-7469-1: Apache Traffic Server vulnerability
It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause Apache Traffic Server to crash, resulting in a denial of service...
Security Bulletin: Multiple security vulnerabilities affect Go related packages shipped with IBM CICS TX Standard.
Summary Security vulnerabilities affect Go packages that are shipped with IBM CICS TX Standard. Go modules are used by IBM CICS TX Standard to simplify dependency management. It is possible for sensitive information to be exposed through data queries with an attacker causing an HTTP/2 endpoint to...
Security Bulletin: IBM Concert Software is vulnerable to multiple issues
Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details: CVEID: CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS (Regular Expression Denial of Service) while...
Exploit for Uncontrolled Resource Consumption in Ietf Http
PoC - CVE-2023-44487: HTTP/2 Rapid Reset Attack Este reposito...
CVE-2025-32908
A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS)...