1072 matches found

Exploit DB
added 2023/07/07 12:0 a.m. · 423 views

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution

Title: Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Author: nu11secur1ty Date: 01.14.2022 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/download/details.aspx?id=48264 Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-219...

10 CVSS · 9.8 AI score · 0.91887 EPSS
Exploits 21
Ubuntu
added 2023/06/12 11:54 a.m. · 63 views

USN-6155-1: Requests vulnerability

Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information...

6.1 CVSS · 7.4 AI score · 0.05933 EPSS
Exploits 1
CNNVD
added 2023/06/09 12:0 a.m. · 2 views

gRPC security vulnerability

gRPC is a modern, open source, high-performance Remote Procedure Call (RPC) framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from the fact that when the gRPC HTTP2 stack throws a header size exceeded error, it skips parsing the rest of the HPACK frame. This causes...

7.5 CVSS · 7.5 AI score · 0.00075 EPSS
Exploits 0 · References 6
RedHat Linux
added 2023/05/16 8:59 a.m. · 1 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5 CVSS · 6.6 AI score · 0.00098 EPSS
Exploits 0 · References 6
RedHat Linux
added 2023/05/16 8:52 a.m. · 0 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5 CVSS · 6.6 AI score · 0.00098 EPSS
Exploits 0 · References 6
RedHat Linux
added 2023/05/16 8:49 a.m. · 3 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5 CVSS · 6.6 AI score · 0.00098 EPSS
Exploits 0 · References 6
RedHat Linux
added 2023/05/09 10:11 a.m. · 1 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5 CVSS · 6.6 AI score · 0.00098 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/04/18 12:0 a.m. · 4 views

PT-2023-2536 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 6.4.0.0.0 through 12.2.1.4.0 Description: The issue exists due to insufficient input validation in the Analytics Web General component of Oracle Business Intelligence Enterprise Edition...

6.8 CVSS · 6.3 AI score · 0.00479 EPSS
Exploits 0 · References 5
RedhatCVE
added 2023/03/24 1:7 p.m. · 49 views

CVE-2023-1584

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

7.5 CVSS · 6.6 AI score · 0.00291 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2023/03/23 12:0 a.m. · 1 views

The vulnerability of the HTTP-protocol implementation (http.sys) in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the HTTP-protocol implementation http.sys in Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially crafted HTTP/3 request from a remote location...

10 CVSS · 0.14456 EPSS
Exploits 0 · References 3
RedHat Linux
added 2023/03/21 2:50 p.m. · 2 views

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

5.3 CVSS · 6.6 AI score · 0.00331 EPSS
Exploits 0 · References 9
Talos Blog
added 2023/03/14 8:8 p.m. · 123 views

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company's hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months. Two of th...

9.5 AI score · 0.93421 EPSS
Exploits 18
ATTACKERKB
added 2023/03/14 5:15 p.m. · 3 views

CVE-2023-23392

HTTP Protocol Stack Remote Code Execution Vulnerability...

9.8 CVSS · 7.5 AI score · 0.14456 EPSS
Exploits 0 · References 2 · Affected Software 3
NVD
added 2023/03/14 5:15 p.m. · 20 views

CVE-2023-23392

HTTP Protocol Stack Remote Code Execution Vulnerability...

9.8 CVSS · 9.7 AI score · 0.14456 EPSS
Exploits 0 · References 1
Prion
added 2023/03/14 5:15 p.m. · 30 views

Remote code execution

HTTP Protocol Stack Remote Code Execution Vulnerability...

7.5 CVSS · 9.6 AI score · 0.14456 EPSS
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2023/03/14 4:55 p.m. · 36 views

CVE-2023-23392 HTTP Protocol Stack Remote Code Execution Vulnerability

...

9.8 CVSS · 9.7 AI score · 0.14456 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/03/14 4:55 p.m. · 19 views

CVE-2023-23392 HTTP Protocol Stack Remote Code Execution Vulnerability

...

9.8 CVSS · 7.2 AI score · 0.14456 EPSS
Exploits 0 · References 1
CVE
added 2023/03/14 4:55 p.m. · 527 views

CVE-2023-23392

CVE-2023-23392 is a remotely exploitable security flaw in the Windows HTTP Protocol Stack that enables remote code execution when HTTP/3 with buffered I/O is enabled. Multiple connected sources confirm affected products as Windows 11 and Windows Server 2022, with successful exploitation possible ...

9.8 CVSS · 9.7 AI score · 0.14456 EPSS
Exploits 0 · References 1 · Affected Software 3
CNNVD
added 2023/03/14 12:0 a.m. · 1 views

Microsoft Windows HTTP Protocol Stack security vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in the Microsoft Windows HTTP Protocol Stack. The following products and versions are affected: Windows Server 2022, Windows Server 202...

9.8 CVSS · 8.7 AI score · 0.14456 EPSS
Exploits 0 · References 3
Kaspersky
added 2023/03/14 12:0 a.m. · 298 views

KLA48553 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions. Below is a complete list of...

9.8 CVSS · 9.9 AI score · 0.74637 EPSS
Exploits 1 · References 72