Lucene search
K

18 matches found

SUSE Linux
SUSE Linux
added 2025/02/03 8:46 a.m.6 views

Security update for nghttp2

This update for nghttp2 fixes the following issues: CVE-2024-28182: Fixed denial of service via http/2 continuation frames bsc1221399 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

7.5CVSS7.3AI score0.8496EPSS
Exploits1References4
OSV
OSV
added 2024/06/04 9:49 a.m.37 views

BIT-NODE-2024-27983

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...

8.2CVSS6.8AI score0.87211EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.36 views

SUSE SLES15: apache2 / apache2-devel / apache2-doc / apache2-prefork / etc (SUSE-SU-2024:1788-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1788-1 advisory. - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code bsc1222330. - CVE-2024-24795: Fixed handlin...

7.5CVSS7.1AI score0.91327EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2024/05/09 12:0 a.m.34 views

RHEL 8 : nodejs:20 (RHSA-2024:2778)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2778 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

8.2CVSS7AI score0.87211EPSS
Exploits2References12
Rockylinux
Rockylinux
added 2024/05/06 1:4 p.m.31 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

3.7CVSS7.3AI score0.00759EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/30 12:0 a.m.32 views

Amazon Linux 2 : firefox (ALASFIREFOX-2024-024)

The version of firefox installed on the remote host is prior to 115.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-024 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...

8.8CVSS8AI score0.047EPSS
Exploits1References16
Ubuntu
Ubuntu
added 2024/04/24 4:43 a.m.54 views

USN-6747-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-3852, CVE-2024-3864,...

8.8CVSS7.9AI score0.00847EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/04/22 8:58 a.m.28 views

Low: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.8CVSS7AI score0.00847EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2024/04/19 12:0 a.m.29 views

Debian dla-3790 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3790-1 [email protected]...

8.8CVSS7.6AI score0.00847EPSS
Exploits2References18
Mozilla
Mozilla
added 2024/04/16 12:0 a.m.114 views

Security Vulnerabilities fixed in Firefox 125 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. Memory corruption in the networking stack could have led to a potentially exploitable crash. A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage...

8.8CVSS7.9AI score0.00857EPSS
Exploits0References17Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/14 12:0 a.m.29 views

Debian dsa-5659 : trafficserver - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5659 advisory. - HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 a...

7.5CVSS7.9AI score0.94615EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/04/10 12:7 p.m.30 views

CVE-2024-31309 Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting proxy.config.http2.maxcontinuationframesperminute to limit the number of CONTINUATION frames...

6.7AI score0.94615EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/04/09 1:6 a.m.25 views

CVE-2024-27983

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...

8.2CVSS8.2AI score0.87211EPSS
Exploits1References5
Citrix
Citrix
added 2024/04/09 12:0 a.m.6 views

Impact of HTTP/2 CONTINUATION frames being utilized for DoS attacks on Cloud Software Group Products

Cloud Software Group is aware of the reports describing HTTP/2 CONTINUATION frames being utilized for DoS attacks. HTTP/2 CONTINUATION frames can be utilized for DoS attacks HTTP/2 CONTINUATION Flood Cloud Software Group continues to investigate any potential impact on Cloud Software Group-manage...

7.1AI score
Exploits0
OSV
OSV
added 2024/04/08 1:11 p.m.9 views

SUSE-SU-2024:1167-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames bsc1221399...

5.3CVSS5.5AI score0.8496EPSS
Exploits1References3
OSV
OSV
added 2024/04/08 11:28 a.m.8 views

SUSE-SU-2024:1161-1 Security update for go1.21

This update for go1.21 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames bsc1221400 Other changes: - go minor release upgrade to 1.21.9 bsc1212475...

7.5CVSS7.8AI score0.91969EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/04/03 6:49 p.m.15 views

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames

Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...

7.3AI score
Exploits0References3Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.24 views

Denial of Service via HTTP/2 CONTINUATION Frames

amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...

8.2CVSS7.8AI score0.83244EPSS
Exploits1Affected Software1
Rows per page
Query Builder