AZL-34963 CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-39637 CVE-2023-39325 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-35070 CVE-2023-39325 affecting package opa for versions less than 0.50.2-6
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
Allocation of Resources Without Limits or Throttling
Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause...
AZL-31346 CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31335 CVE-2023-44487 affecting package nmi for versions less than 1.8.7-14
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-33343 CVE-2023-44487 affecting package helm for versions less than 3.14.0-1
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
DEBIAN-CVE-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35117 CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31340 CVE-2023-44487 affecting package packer for versions less than 1.8.1-14
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31326 CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34619 CVE-2023-44487 affecting package containerd for versions less than 1.7.13-3
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CVE-2023-4329
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...
protocol-http1 HTTP Request/Response Smuggling vulnerability
...
The vulnerability in the Application Express component of the Oracle Application Express development environment allows an attacker to modify, add, or delete data, or to cause a partial service disruption.
The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data, or cause a partial service...
The vulnerability in the iSurvey Module component of Oracle Scripting, the software for creating and processing scenarios in the Oracle E-Business Suite, allows an attacker to read and modify data.
The vulnerability of the iSurvey Module component of the software for creating and processing scenarios in Oracle Scripting, a system for automating business activities within the Oracle E-Business Suite, exists due to insufficient verification of input data. Exploiting this vulnerability can all...
Mozilla: Use-after-free in WebRTC certificate generation
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...
Mozilla Firefox resource management error vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource management error vulnerability that can be exploited by an attacker to trigger a use-after-free when creating a WebRTC connection over HTTPS...
CVE-2023-23841
SolarWinds Serv-U submits an HTTP request when changing or updating the attributes of a File Share or File Request. Part of the URL of that request discloses sensitive data...
golang: net/http, net/textproto: denial of service from excessive memory allocation
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...