ROS-20260513-73-0017

Vulnerability in python2-requests related to insecure temporary files. Exploitation of the vulnerability could allow an attacker to overwrite arbitrary files...

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field

Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a...

CLEANSTART-2026-WG18689 attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Multiple security vulnerabilities affect the minio-client-fips package. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. See references for individual vulnerability details...

CLEANSTART-2026-AN66259 attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Multiple security vulnerabilities affect the minio-client-fips package. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. See references for individual vulnerability details...

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

SUSE CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

USN-6943-1 tomcat8, tomcat9 vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...

DEBIAN-CVE-2021-47391

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdmaaddrcancel happens before issuing more requests The FSM can run in a circle allowing rdmaresolveip to be called twice on the same idpriv. While this cannot happen without going through the work, it violates t...

UBUNTU-CVE-2021-47391

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdmaaddrcancel happens before issuing more requests The FSM can run in a circle allowing rdmaresolveip to be called twice on the same idpriv. While this cannot happen without going through the work, it violates t...

USN-6438-1 dotnet6, dotnet7 vulnerabilities

Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. CVE-2023-36799 It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly...

SUSE CVE-2017-7842

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox 57...

SUSE CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

http2-server: Invalid HTTP/2 requests cause DoS

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

AZL-45165 CVE-2021-44716 affecting package buildah for versions less than 1.41.4-2

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-35123 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.8.2-1

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-43909 CVE-2021-44716 affecting package buildah 1.18.0-29

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

OPENSUSE-SU-2020:1063-1 Security update for tomcat

This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive...

CVE-2018-20392

S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...