410 matches found
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
Important: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2024-039 (ALASECS-2024-039)
The version of ecs-init installed on the remote host is prior to 1.84.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-039 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
RHEL 9 : nodejs (RHSA-2024:4721)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4721 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2024-2030)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2024-1961)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward...
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1909)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaini...
httpd: CONTINUATION frames DoS
A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...
httpd: CONTINUATION frames DoS
A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...
Important: Red Hat Security Advisory: nodejs:16 security update
An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)
The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker May cause an HTTP/...