AZL-31316 CVE-2023-44487 affecting package keda for versions less than 2.4.0-14

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31491 CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31339 CVE-2023-44487 affecting package nodejs18 for versions less than 18.18.2-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31304 CVE-2023-44487 affecting package cri-tools for versions less than 1.28.0-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-37314 CVE-2023-44487 affecting package golang for versions less than 1.21.6-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-34890 CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Insecure Session Cookie Handling

quarkus-oidc is vulnerable to Insecure OIDC Session Cookie Handling. The vulnerability exists because the library does not properly encrypt the OIDC session cookie value by default which leads to the leakage of both ID and access tokens in the authorization code flow when an insecure HTTP protoco...

Quarkus OIDC can leak both ID and access tokens

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

CVE-2023-1584

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

Authorization

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

CVE-2023-1584 Quarkus-oidc: id and access tokens leak via the authorization code flow

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

OESA-2023-1500 golang security update

The Go Programming Language. Security Fixes: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host o...

Paessler PRTG Network Monitor Cross-Site Request Forgery Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A cross-site request forgery vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from NetApp Volume Sensor transmitting plaintext credentials ove...

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-f75af676f2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-38697

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARKMULE. The scale of the attacks i...

Microsoft Windows Multiple Vulnerabilities (KB5023706)

This host is missing an important security update according to Microsoft KB5023706 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

The vulnerability of the Application Express Customers Plugin component in the Oracle Application Express development environment allows a attacker to read data and modify it.

The vulnerability of the Application Express Customers Plugin component in the Oracle Application Express development environment exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delet...

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Exploit

Title: Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Author: nu11secur1ty Date: 01.14.2022 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/download/details.aspx?id=48264 Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-219...