29 matches found
EUVD-2018-19895
Malware in sbrugna...
EUVD-2016-10017
Malware in sbrugna...
h2 vulnerable to denial of service
Hyper is an HTTP library for Rust and h2 is an HTTP 2.0 client & server implementation for Rust. An issue was discovered in h2 v0.2.4 when processing header frames. It incorrectly processes the HTTP2 RST_STREAM frames by not always releasing the memory immediately upon receiving the reset frame,...
Security update for varnish (important)
openSUSE Security Update: Security update for varnish Announcement ID: openSUSE-SU-2022:0148-1 Rating: important References: 1181400 1188470 1195188 Cross-References: CVE-2021-36740 CVE-2022-23959 CVSS scores: CVE-2021-36740 NVD : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-36740...
Design/Logic Flaw
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
CVE-2022-24801
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
CVE-2022-24801 HTTP Request Smuggling in twisted.web
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
CVE-2022-24801
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
Denial of service
A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-8226
A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-8226
The CVE-2018-8226 entry describes a denial-of-service in the HTTP/2 protocol stack (HTTP.sys) for Windows. Affected components include HTTP.sys on Windows Server 2016 and Windows 10/Windows 10 Servers, with the root cause being improper parsing of specially crafted HTTP/2 requests, leading to sys...
HTTP.sys Denial of Service Vulnerability
A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become...
KB4284874: Windows 10 Version 1703 June 2018 Security Update
The remote Windows host is missing security update 4284874. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver improperly handles objects in memory. An attacker who successfully...
KB4284860: Windows 10 June 2018 Security Update
The remote Windows host is missing security update 4284860. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver improperly handles objects in memory. An attacker who successfully...
Denial of service
A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-0956
A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-0956
CVE-2018-0956 is a DoS vulnerability in Windows HTTP.sys’s HTTP/2 stack caused by improper parsing of crafted HTTP/2 requests. The affected product surface is Windows Server 2016 and Windows 10/Windows Server 2016-era builds that include HTTP.sys. The impact is denial of service (availability) wi...
KB4093109: Windows 10 Version 1511 April 2018 Security Update
The remote Windows host is missing security update 4093109. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file...
KLA11221 Multiple vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service and possibly to bypass security restrictions. Below is a complete list of...
CVE-2016-9205
A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases:...