Lucene search
K

83 matches found

Tenable Nessus
Tenable Nessus
added 2024/02/20 12:0 a.m.80 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2024-526)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-526 advisory. 2024-02-29: CVE-2023-39326 was added to this advisory. 2024-02-29: CVE-2023-39325 was added to this advisory. 2024-02-29: CVE-2023-49568 was added to this advisory. The HTTP/2 protocol allows a...

9.8CVSS7.1AI score0.03796EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/02/15 12:0 a.m.5 views

PT-2024-2655 · Libcurl +12 · Libcurl +12

Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to a memory leak in libcurl when handling HTTP/2 server push. When the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts...

8.6CVSS6.7AI score0.36081EPSS
Exploits10References123
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.52 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-3299)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

8.1CVSS7.6AI score0.99999EPSS
Exploits19References7
Tenable Nessus
Tenable Nessus
added 2023/12/01 12:0 a.m.23 views

Fedora 37 : golang-github-openprinting-ipp-usb (2023-ce2836acfa)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ce2836acfa advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/19 12:0 a.m.35 views

Fedora 38 : podman-tui (2023-e359fd31d2)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e359fd31d2 advisory. podman-tui v0.12.0 + security fix for CVE-2023-39325 and CVE-2022-41717 and CVE-2022-41723 Tenable has extracted the preceding description block...

7.5CVSS7.2AI score0.05623EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/16 12:0 a.m.21 views

Fedora 37 : pack (2023-5029b92850)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-5029b92850 advisory. fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

7.5CVSS7AI score0.03796EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.111 views

Amazon Linux 2 : docker (ALASECS-2023-019)

The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-019 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly consider backticks...

9.8CVSS7.5AI score0.04561EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.25 views

Amazon Linux 2 : amazon-ecr-credential-helper (ALASNITRO-ENCLAVES-2023-033)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-033 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request...

7.5CVSS7AI score0.03796EPSS
Exploits0References4
Fedora
Fedora
added 2023/10/15 1:44 a.m.46 views

[SECURITY] Fedora 38 Update: nghttp2-1.52.0-2.fc38

This package contains the HTTP/2 client, server and proxy programs...

7.5CVSS7.1AI score0.99999EPSS
Exploits19
CVE
CVE
added 2023/10/11 9:15 p.m.3203 views

CVE-2023-39325

CVE-2023-39325 describes a DoS in HTTP/2 handling where a malicious client rapidly creates and resets requests, potentially exhausting server resources. The fix tightens per-connection concurrency handling: servers bound the number of executing handler goroutines to the stream-concurrency limit (...

7.5CVSS7.3AI score0.03796EPSS
Exploits0References43Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/05/20 12:0 a.m.39 views

AlmaLinux 8 : git-lfs (ALSA-2023:2866)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2866 advisory. - Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. Thi...

7.5CVSS7AI score0.05623EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/05/03 12:0 a.m.29 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-175)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-175 advisory. Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 cmd/go in Go before 1.16.14 and 1.17.x...

9.8CVSS7.8AI score0.05623EPSS
Exploits2References32
Tenable Nessus
Tenable Nessus
added 2023/03/18 12:0 a.m.22 views

Fedora 36 : pack (2023-0c354a3f9a)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0c354a3f9a advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

5.3CVSS7.1AI score0.05623EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.52 views

K81557381: BIG-IP HTTP/2 vulnerability CVE-2019-6673

Security Advisory Description When the BIG-IP system is configured in HTTP/2 full proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel TMM. CVE-2019-6673 Impact An attacker may be able to use a specifically crafted request to...

7.5CVSS7.5AI score0.01014EPSS
Exploits0Affected Software8
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.23 views

Fedora 36 : git-credential-oauth (2023-2663dc67d8)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2663dc67d8 advisory. Rebuild for security fix Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/23 12:0 a.m.130 views

RHEL 9 : go-toolset and golang (RHSA-2023:0328)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0328 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go...

7.5CVSS7.2AI score0.05623EPSS
Exploits2References13
Prion
Prion
added 2022/12/08 8:15 p.m.26 views

Design/Logic Flaw

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5CVSS6.5AI score0.05623EPSS
Exploits0References23Affected Software3
Tenable Nessus
Tenable Nessus
added 2022/08/22 12:0 a.m.32 views

Debian dla-3079 : jetty9 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3079 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3079-1 [email protected]...

7.5CVSS7.1AI score0.0227EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2022/07/07 8:35 p.m.115 views

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...

7.5CVSS6.4AI score0.0227EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/04/22 12:0 a.m.43 views

FreeBSD : py-twisted -- multiple vulnerabilities (9fbaefb3-837e-11ea-b5b4-641c67a117d8) (Ping Flood) (Reset Flood) (Settings Flood)

Twisted developers reports : All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces...

9.8CVSS7.4AI score0.87806EPSS
Exploits4References9
Rows per page
Query Builder