Lucene search
K

46 matches found

Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.34 views

SUSE SLES15: bind / bind-chrootenv / bind-devel / bind-devel-32bit / bind-doc / etc (SUSE-SU-2023:2578-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2578-1 advisory. bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source...

9.8CVSS6.8AI score0.68603EPSS
Exploits9References47
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.25 views

CentOS 8 : grafana-pcp (CESA-2023:2785)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:2785 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if...

7.5CVSS6.9AI score0.02607EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/10/21 12:0 a.m.39 views

Amazon Linux 2 : golang-github-godbus-dbus (ALAS-2022-1858)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1858 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

9.3CVSS7.2AI score0.0995EPSS
Exploits7References32
Amazon
Amazon
added 2022/10/11 12:0 a.m.63 views

Medium: golang

Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: golang Note: This advisory is applicable to Amazon...

7.5CVSS7.7AI score0.02607EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/09/08 12:18 a.m.48 views

CVE-2022-27664

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

6.5CVSS7.5AI score0.02607EPSS
Exploits0References5
Prion
Prion
added 2022/09/06 6:15 p.m.28 views

Code injection

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

5CVSS7.6AI score0.02607EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2022/02/09 11:15 p.m.11 views

Integer overflow

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...

5CVSS7.5AI score0.01119EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/02/09 10:5 p.m.23 views

CVE-2022-24667

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...

7.5CVSS6.9AI score0.01119EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/06/21 12:0 a.m.79 views

Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.0.0-m10security-10 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat...

7.5CVSS7.3AI score0.24622EPSS
Exploits0References6
CNVD
CNVD
added 2021/03/11 12:0 a.m.10 views

F5 BIG-IP HTTP Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to trigger a denial of service via an HTTP...

7.5CVSS6.7AI score0.00961EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/12/10 12:0 a.m.159 views

Apache Tomcat 9.0.0.M1 < 9.0.40 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.40security-9 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...

7.5CVSS7.3AI score0.24622EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/12/08 12:0 a.m.15 views

Apache Tomcat 10.0.0-M1 < 10.0.0-M10 Information Disclosure

The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 or 7.0.0 to 7.0.106. It is, therefore, affected by a vulnerability. Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2...

7.5CVSS6.4AI score0.24622EPSS
Exploits0References3
OSV
OSV
added 2020/12/03 7:15 p.m.14 views

CVE-2020-17527

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...

7.5CVSS7.3AI score
Exploits0References24
Apache Tomcat
Apache Tomcat
added 2020/11/17 12:0 a.m.120 views

Fixed in Apache Tomcat 9.0.40

Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...

7.5CVSS6.9AI score0.24622EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcat
added 2020/11/17 12:0 a.m.75 views

Fixed in Apache Tomcat 8.5.60

Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...

7.5CVSS6.9AI score0.24622EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcat
added 2020/11/17 12:0 a.m.55 views

Fixed in Apache Tomcat 10.0.0-M10

Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...

7.5CVSS6.9AI score0.24622EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/17 12:0 a.m.10 views

PT-2020-15032

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 10.0.0-M1 through 10.0.0-M9 Apache Tomcat versions 9.0.0-M1 through 9.0.39 Apache Tomcat versions 8.5.0 through 8.5.59 Description The issue allows Apache Tomcat to re-use an HTTP request header value from the previous...

10CVSS7.1AI score0.99999EPSS
Exploits196References206
RedhatCVE
RedhatCVE
added 2020/06/18 3:55 p.m.47 views

CVE-2020-11767

Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection negotiated with SNI over HTTPS to .example.com, a request for a domain concurrently configured explicitly e.g., abc.example.com is sent to the servers listening behind .example.com. The outcome shoul...

2.6CVSS1AI score0.01774EPSS
Exploits1References4
NVD
NVD
added 2020/04/15 2:15 a.m.31 views

CVE-2020-11767

Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection negotiated with SNI over HTTPS to .example.com, a request for a domain concurrently configured explicitly e.g., abc.example.com is sent to the servers listening behind .example.com. The outcome shoul...

3.1CVSS3.8AI score0.01774EPSS
Exploits1References4
CVE
CVE
added 2020/04/15 1:5 a.m.115 views

CVE-2020-11767

Istio up to 1.5.1 and Envoy up to 1.14.1 are affected by a data-leak vulnerability where a TCP connection negotiated with SNI over HTTPS to *.example.com can cause a domain-specific request (e.g., abc.example.com) to be sent via a connection reused by a forward proxy to the *.example.com host. Th...

3.1CVSS3.9AI score0.01774EPSS
Exploits1References4Affected Software2
Rows per page
Query Builder