Denial Of Service (DoS)

dotnet is vulnerable to denial of service DoS. The vulnerability exists through ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2...

Important: Red Hat Security Advisory: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVE-2021-1723

A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability...

Important: Red Hat Security Advisory: dotnet5.0 security and bugfix update

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: dotnet3.1 security and bugfix update

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 7 : .NET 5.0 on Red Hat Enterprise Linux (RHSA-2021:0096)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0096 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...

RHEL 8 : dotnet5.0 (RHSA-2021:0094)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0094 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...

PT-2021-1575 · Microsoft +3 · Visual Studio +5

Name of the Vulnerable Software and Affected Versions: ASP.NET Core and Visual Studio affected versions not specified Description: The issue is related to insufficient input validation in ASP.NET Core and Visual Studio, which can lead to a denial-of-service condition. This can be exploited by a...

Emp3R0R - Linux Post-Exploitation Framework Made By Linux User

linux post-exploitation framework made by linux user Still under active development 中文介绍 check my blog for updates how to use what to expect in future releases packer: cryptor + memfdcreate packer: use shmopen in older Linux kernels dropper: shellcode injector - python injector: inject shellcode...

SUSE-SU-2021:0040-1 Security update for tomcat

This update for tomcat fixes the following issues: Security issues fixed: - CVE-2020-13943: Fixed a HTTP/2 Request mix-up bsc1177582. - CVE-2020-17527: Fixed a HTTP/2 request header mix-up bsc1179602. Non-security issue fixed: - Removed tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from...

SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2020:3368-1)

This update for go1.15 fixes the following issues : go1.15.5 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into c...

SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2020:3369-1)

This update for go1.14 fixes the following issues : go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into...

[SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2485-1 [email protected] https://www.debian.org/lts/security/ Brian May December 09, 2020 https://wiki.debian.org/LTS -...

Apache 2 HTTP2 Module Concurrent Pool Usage Vulnerability

apache2: concurrent pool usage in http2 module h2mplx.c contains a number of calls to aplogcerror using m-c the master connection as an argument. These calls can trigger allocations using the m-c-pool. One example is coregeneratelogid. As some of the code in h2mplx.c is executed on a worker threa...

openSUSE Security Update : go1.15 (openSUSE-2020-2139)

This update for go1.15 fixes the following issues : - go1.15.5 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into...

httpd: mod_http2 concurrent pool usage

A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by modhttp2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...

openSUSE Security Update : go1.14 (openSUSE-2020-2047)

This update for go1.14 fixes the following issues : - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected int...

openSUSE Security Update : go1.14 (openSUSE-2020-2067)

This update for go1.14 fixes the following issues : - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected int...

Security update for go1.14 (moderate)

openSUSE Security Update: Security update for go1.14 Announcement ID: openSUSE-SU-2020:2067-1 Rating: moderate References: 1164903 1178750 1178752 1178753 Cross-References: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Affected Products: openSUSE Leap 15.2 An update that solves three vulnerabiliti...