Fedora: Security Advisory for proxygen (FEDORA-2023-7934802344)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: proxygen-2023.10.16.00-1.fc39

Proxygen comprises the core C++ HTTP abstractions used at Facebook. Internally, it is used as the basis for building many HTTP servers, proxies, and clients. This release focuses on the common HTTP abstractions and our simple HTTPServer framework. Future releases will provide simple client APIs a...

[SECURITY] Fedora 38 Update: proxygen-2023.10.16.00-1.fc38

Proxygen comprises the core C++ HTTP abstractions used at Facebook. Internally, it is used as the basis for building many HTTP servers, proxies, and clients. This release focuses on the common HTTP abstractions and our simple HTTPServer framework. Future releases will provide simple client APIs a...

[SECURITY] Fedora 37 Update: proxygen-2023.10.16.00-1.fc37

Proxygen comprises the core C++ HTTP abstractions used at Facebook. Internally, it is used as the basis for building many HTTP servers, proxies, and clients. This release focuses on the common HTTP abstractions and our simple HTTPServer framework. Future releases will provide simple client APIs a...

Denial Of Service (DoS)

.NET and ASP.NET are vulnerable to Denial Of Service DoS. The vulnerability exists in the Kestrel web server, which allows an attacker to bypass the QUIC stream limit in HTTP/3, resulting in an application crash...

GHSA-P57V-GV7Q-4XFM .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to...

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to...

USN-6278-1: .NET vulnerabilities

It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. CVE-2023-35390 Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could...

CVE-2023-38178

A vulnerability was found in dotNET in Kestrel component. This issue may allow a malicious client to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in HTTP/3, resulting in a denial of service...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS in .NET Kestrel where a malicious client can bypass QUIC stream limit in HTTP/3 in both ASP.NET and .NET runtimes, resulting in exploitation of this vulnerability. Note: .NET 6 included HTTP/3 support as a preview...

EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-2269)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an...

Deliver Fast, Reliable, and Secure Web Experiences with HTTP/3

...

Deliver Fast, Reliable, and Secure Web Experiences with HTTP/3

...

EulerOS 2.0 SP10 : haproxy (EulerOS-SA-2023-1976)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka 'request...

CVE-2023-27491

A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service...

JVN#38170084: HAProxy vulnerable to HTTP request/response smuggling

HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name, and when deployed in front of a server that incorrectly process this malformed header, it may be used to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may alter a legitimate...

Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I...

Patch Tuesday - March 2023

Microsoft is offering fixes for 101 security issues for March 2023 Patch Tuesday, including two zero-day vulnerabilities; the most interesting of the two zero-day vulnerabilities is a flaw in Outlook which allows an attacker to authenticate against arbitrary remote resources as another user...

K61367237: BIG-IP HTTP/3 QUIC vulnerability CVE-2020-5859

Security Advisory Description Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel TMM to produce a core file. CVE-2020-5859 Impact TMM may restart and temporarily fail to process traffic on BIG-IP hosts with the HTTP/3 QUIC profile configured. High availability HA...

Debian dla-3318 : haproxy - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3318 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3318-1 [email protected] https://www.debian.org/lts/security/...