Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : HAProxy vulnerability (USN-5869-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5869-1 advisory. Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empt...
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...
GHSA-X459-P2RX-F8FF .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 5.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Denial of Service vulnerability exists in .NET 6.0 and...
.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 5.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Denial of Service vulnerability exists in .NET 6.0 and...
Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private — The Hacker News
Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS (DoT), which was...
CVE-2022-30591
quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtudiscoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the...
The Next Generation of HTTP
The IETF just released HTTP/3, an update to HTTP that leverages new transport protocol QUIC. Learn about how the new RFCs can affect any references to HTTP...
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1577-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1577-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially...
CVE-2022-21986
A vulnerability was found in dotnet’s ASP.NET Core Kestrel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service...
CVE-2022-219862
A vulnerability was found in dotnet’s ASP.NET Core Kestrel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service...
CVE-2021-43848
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
Design/Logic Flaw
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
CVE-2021-43848 Uninitialized memory access in h2o
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
CVE-2021-43848
CVE-2021-43848 concerns h2o, an open source HTTP server. Affects HTTP/3 support where, from commits 93af138 to d1f0f65, h2o may access uninitialized memory when processing QUIC frames, potentially treating such memory as HTTP/3 frames. In reverse proxy scenarios, an attacker could cause h2o to le...
Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5248-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5248-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing contex...
openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1635-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1635-1 advisory. - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code...