5 matches found
CVE-2020-5871
On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...
Fedora 39 : prometheus-podman-exporter (2023-b75ee820ce)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b75ee820ce advisory: release v1.5.0 + security fix for CVE-2023-39325. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Important: Red Hat Security Advisory: RHACS 4.0 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
GO-2022-0288 Unbounded memory growth in net/http and golang.org/x/net/http2
An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests...