MGASA-2024-0086 Updated nodejs-hawk packages fix security vulnerability
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
MGASA-2024-0081 Updated apache-mod_auth_openidc packages fix security vulnerability
Missing input validation on the mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a DoS attack. CVE-2024-24814...
New Loop DoS Attack Threatens Hundreds of Thousands of Systems
By Waqas. CISPA Researchers Unveil 'Loop DoS' Attack: A New Frontier in Denial-of-Service Tactics! This is a post from HackRead.com. Read the original post: New Loop DoS Attack Threatens Hundreds of Thousands of Systems...
Important: Red Hat Security Advisory: nodejs:16 security update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems
A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs "servers of these protocols in such a way that they communicate...
Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...
ALSA-2024:1438 Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...
CVE-2024-22025
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...
CVE-2024-22025
CVE-2024-22025 affects Node.js where fetch() decodes Brotli unconditionally, enabling resource exhaustion from untrusted URLs and potentially memory exhaustion or process termination. Connected sources confirm this DoS vector and indicate fixes in Node.js releases; Debian/AlmaLinux advisories enu...
Implementations of UDP-based application protocols are vulnerable to network loops
Overview: A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based application protocols. An unauthenticated attacker can use maliciously crafted packets against a vulnerable UDP-based implementation of application protocols (e.g., DNS, NTP, TFTP) that can...
Cisco Unified IP Phone Software Denial of Service (CVE-2018-0332)
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...
tls-listener affected by the slow loris vulnerability with default configuration
Summary: With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details: The default configuration options make any public service using TlsListener::new vulnerable to a slow-loris DoS attack. rust /// Default numbe...
CVE-2024-24827 No rate limits on POST /uploads endpoint in Discourse
Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to...
CVE-2024-24827
Discourse (open source forum software) is vulnerable to a Denial of Service caused by no rate limit on POST /uploads. The CVE-2024-24827 entry notes that creating an upload is resource-intensive, and impact varies by site settings such as max_image_size_kb, max_attachment_size_kb, and max_image_m...
CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener
tls-listener is a Rust wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...
SUSE-SU-2024:0910-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed...