
17 matches found

Imperva Blog
added 2025/05/07 6:22 p.m., 19 views

Early 2025 DDoS Attacks Signal a Dangerous Trend in Cybersecurity

As we enter 2025, the threat landscape continues to evolve, with Distributed Denial of Service (DDoS) attacks growing in both scale and sophistication. So far this year, we’ve already seen several major DDoS attacks over 5 million Requests Per Second (RPS), signaling a concerning trend for...

AI score: 7
Exploits: 0
OpenVAS
added 2025/01/30 12:0 a.m., 30 views

SUSE: Security Advisory (SUSE-SU-2025:0282-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 8.5, EPSS: 0.99999
Exploits: 19, References: 7
OSV
added 2025/01/29 12:33 p.m., 18 views

SUSE-SU-2025:0283-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack (bsc#1216171) - CVE-2024-7347: Fixed worker crashes on special crafted mp4 files containing invalid chunk information (bsc#1229155)...

CVSS: 7.5, AI score: 7.7, EPSS: 0.99999
Exploits: 19, References: 5
OSV
added 2025/01/29 8:4 a.m., 16 views

SUSE-SU-2025:0282-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack (bsc#1216171) - CVE-2024-7347: Fixed worker crashes on special crafted mp4 files containing invalid chunk information (bsc#1229155)...

CVSS: 7.5, AI score: 8.6, EPSS: 0.99999
Exploits: 19, References: 5
Tenable Nessus
added 2025/01/29 12:0 a.m., 31 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2025:0282-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0282-1 advisory. - CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack (bsc#1216171) - CVE-2024-7347: Fixed worker crashes on special crafted mp4 files...

CVSS: 7.5, AI score: 7.4, EPSS: 0.99999
Exploits: 19, References: 7
Tenable Nessus
added 2024/09/04 12:0 a.m., 42 views

SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.27 (SUSE-SU-2024:3098-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3098-1 advisory. Update kubernetes to version 1.27.16 - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf...

CVSS: 7.5, AI score: 7.2, EPSS: 0.99999
Exploits: 20, References: 12
OSV
added 2024/09/03 2:36 p.m., 28 views

SUSE-SU-2024:3097-1 Security update for kubernetes1.28

This update for kubernetes1.28 fixes the following issues: Update kubernetes to version 1.28.13: - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. Th...

CVSS: 7.5, AI score: 8.2, EPSS: 0.99999
Exploits: 20, References: 8
OSV
added 2024/09/03 2:34 p.m., 28 views

SUSE-SU-2024:3094-1 Security update for kubernetes1.26

This update for kubernetes1.26 fixes the following issues: Update kubernetes to version 1.26.15: - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. Th...

CVSS: 7.5, AI score: 8.3, EPSS: 0.99999
Exploits: 19, References: 9
Tenable Nessus
added 2024/01/16 12:0 a.m., 43 views

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2024-1061)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) - When a...

CVSS: 7.5, AI score: 7.3, EPSS: 0.03024
Exploits: 1, References: 3
Tenable Nessus
added 2024/01/16 12:0 a.m., 43 views

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2023-3302)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) - When a...

CVSS: 7.5, AI score: 7.3, EPSS: 0.03024
Exploits: 1, References: 3
FreeBSD
added 2023/11/13 12:0 a.m., 43 views

varnish -- HTTP/2 Rapid Reset Attack

Varnish Cache Project reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large volume of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the...

CVSS: 7.5, AI score: 7.4, EPSS: 0.99999
Exploits: 19, References: 1
Debian
added 2023/11/05 9:50 p.m., 36 views

[SECURITY] [DLA 3645-1] trafficserver security update

Debian LTS Advisory DLA-3645-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk November 05, 2023 https://wiki.debian.org/LTS -...

CVSS: 7.5, AI score: 9.5, EPSS: 0.99999
Exploits: 19
OSV
added 2023/10/25 10:7 a.m., 18 views

SUSE-SU-2023:4200-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)...

CVSS: 7.5, AI score: 8.1, EPSS: 0.99999
Exploits: 19, References: 4
Debian CVE
added 2023/10/23 6:50 a.m., 79 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS: 5.9, AI score: 6.6, EPSS: 0.03024
Exploits: 1
Citrix
added 2023/10/16 12:0 a.m., 19 views

How to mitigate the HTTP/2 Rapid Reset vulnerability (CVE-2023-44487) on NetScaler

Advise how to mitigate the HTTP/2 Rapid Reset vulnerability on NetScaler...

CVSS: 7.5, AI score: 7.8, EPSS: 0.99999
Exploits: 19
Github Security Blog
added 2023/10/10 10:22 p.m., 160 views

io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

A client might overload the server by issuing frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDOS attack. Impact: This is a DDOS attack, any http2 server is affected and so you should update as soon as possible. Patches: This is patched in version...

CVSS: 7.5, AI score: 6.8, EPSS: 0.99999
Exploits: 19, References: 6, Affected Software: 1
Tenable Nessus
added 2023/10/10 12:0 a.m., 155 views

Apache Tomcat 8.5.0 < 8.5.94 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.94. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.94_security-8 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, fro...

CVSS: 7.5, AI score: 7.2, EPSS: 0.99999
Exploits: 21, References: 9