Lucene search
K

116 matches found

OSV
OSV
added 2023/10/16 12:0 a.m.43 views

ALSA-2023:5709 Important: dotnet7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...

7.5CVSS8.1AI score0.99999EPSS
Exploits19References4
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.20 views

Fedora 38 : aerc (2023-6cfe7492c1)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6cfe7492c1 advisory. Update to 0.15.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

5.3CVSS7AI score0.05623EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2023/05/22 12:0 a.m.24 views

Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...

7.5CVSS6.7AI score0.02082EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/12/08 9:30 p.m.46 views

GHSA-XRJJ-MJ9H-534M golang.org/x/net/http2 vulnerable to possible excessive memory growth

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References25
Veracode
Veracode
added 2022/10/05 10:30 p.m.36 views

Denial Of Service (DoS)

eap7 is vulnerable to denial of service. The vulnerability exists because the lack of handling by the browser over HTTP/2 may cause overhead or application crashes. This flaw exists because of an incomplete fix for CVE-2021-3629...

7.5CVSS6.4AI score0.01175EPSS
Exploits0References7Affected Software18
Tenable Nessus
Tenable Nessus
added 2022/09/01 12:0 a.m.62 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5)

The version of AOS installed on the remote host is prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5 advisory. - In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the...

10CVSS7.5AI score0.99295EPSS
Exploits113References124
Github Security Blog
Github Security Blog
added 2022/05/24 4:53 p.m.34 views

golang.org/x/net/http vulnerable to a reset flood

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of stream...

7.8CVSS7.7AI score0.82813EPSS
Exploits0References74Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 8:10 p.m.50 views

Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. IBM Spectrum Control has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server -...

7.8CVSS7.2AI score0.87806EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/04/07 12:0 a.m.46 views

Amazon Linux AMI : tomcat7 (ALAS-2021-1493)

The version of tomcat7 installed on the remote host is prior to 7.0.108-1.40. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1493 advisory. A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker...

7.5CVSS7.3AI score0.56636EPSS
Exploits15References5
OSV
OSV
added 2021/03/25 8:10 a.m.7 views

OPENSUSE-SU-2021:0468-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS bsc1181358 This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.7AI score0.05316EPSS
Exploits0References4
OSV
OSV
added 2021/03/24 11:11 a.m.10 views

SUSE-SU-2021:0931-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS bsc1181358...

7.5CVSS7.7AI score0.05316EPSS
Exploits0References4
OSV
OSV
added 2020/11/05 7:25 p.m.8 views

OPENSUSE-SU-2020:1842-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582 This update was imported from the SUSE:SLE-15-SP1:Update update project...

4.3CVSS5.9AI score0.57286EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/11/02 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-2324)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.1AI score0.57286EPSS
Exploits0References2
OSV
OSV
added 2020/10/28 10:46 a.m.10 views

SUSE-SU-2020:3069-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up bsc1177582...

4.3CVSS5AI score0.57286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/09/15 12:0 a.m.10 views

PT-2020-13794

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 8.5.0 through 8.5.57 Apache Tomcat versions 9.0.0.M1 through 9.0.37 Apache Tomcat versions 10.0.0-M1 through 10.0.0-M7 Description If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a...

10CVSS7.1AI score0.99999EPSS
Exploits194References159
RedHat Linux
RedHat Linux
added 2020/09/11 1:13 p.m.64 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.4AI score0.89744EPSS
Exploits0References2
OSV
OSV
added 2020/08/25 12:50 p.m.23 views

SUSE-SU-2020:2311-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. - CVE-2020-11984: Fixed an information disclosure bug in modproxyuwsgi bsc1175074. - CVE-2020-11993: When trace/debu...

9.8CVSS8.4AI score0.90039EPSS
Exploits4References8
OSV
OSV
added 2020/08/18 5:41 p.m.35 views

MGASA-2020-0327 Updated apache packages fix security vulnerability

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

9.8CVSS9AI score0.90039EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2020/07/21 2:34 p.m.14 views

nghttp2: overly large SETTINGS frames can lead to DoS

A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...

7.5CVSS7.2AI score0.05316EPSS
Exploits0References5
Atlassian
Atlassian
added 2020/06/29 1:40 p.m.284 views

Upgrade Tomcat to version 9.0.37

h3. Issue Summary The current version of Tomcat 9.0.33 bundled with Confluence at least up to Confluence version 7.6 is vulnerable to HTTP/2 Denial of Service CVE-2020-11996 https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat9.0.36...

7.5CVSS0.9AI score0.87553EPSS
Exploits16Affected Software1
Rows per page
Query Builder