
4433 matches found

Tenable Nessus
added 2023/10/19 12:00 a.m. · 53 views

RHEL 9 : grafana (RHSA-2023:5866)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5866 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: HTTP/2: Multip...

CVSS 7.5 · AI score 7.4 · EPSS 0.99999
Exploits 19 · References 8

Tenable Nessus
added 2023/10/19 12:00 a.m. · 49 views

RHEL 8 : grafana (RHSA-2023:5864)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5864 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golan...

CVSS 7.5 · AI score 7.4 · EPSS 0.99999
Exploits 19 · References 8

Tenable Nessus
added 2023/10/19 12:00 a.m. · 57 views

AlmaLinux 9 : grafana (ALSA-2023:5867)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:5867 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...

CVSS 7.5 · AI score 7.3 · EPSS 0.99999
Exploits 19 · References 3

Tenable Nessus
added 2023/10/19 12:00 a.m. · 70 views

CentOS 8 : nodejs:18 (CESA-2023:5869)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5869 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return...

CVSS 7.5 · AI score 7.3 · EPSS 0.99999
Exploits 19 · References 5

Tenable Nessus
added 2023/10/19 12:00 a.m. · 69 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-394)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-394 advisory. Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected...

CVSS 8.1 · AI score 7.6 · EPSS 0.99999
Exploits 19 · References 8

Positive Technologies
added 2023/10/19 12:00 a.m. · 12 views

PT-2023-6452 · Apache +7 · Apache Http Server +7

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.55 through 2.4.57 Description: The issue is related to a HTTP/2 connection with an initial window size of 0, which can block handling of that connection indefinitely in Apache HTTP Server. This could be used to...

CVSS 7.8 · AI score 7.5 · EPSS 0.99999
Exploits 22 · References 79

Oracle Linux
added 2023/10/19 12:00 a.m. · 54 views

nghttp2 security update

1.33.0-5 - fix HTTP/2 Rapid Reset CVE-2023-44487 1.33.0-4 - prevent DoS caused by overly large SETTINGS frames CVE-2020-11080...

CVSS 5 · AI score 8.1 · EPSS 0.99999
Exploits 19

Tenable Nessus
added 2023/10/19 12:00 a.m. · 39 views

Amazon Linux AMI : nghttp2 (ALAS-2023-1869)

The version of nghttp2 installed on the remote host is prior to 1.33.0-1.1.8. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1869 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

CVSS 7.5 · AI score 7.2 · EPSS 0.99999
Exploits 19 · References 4

Tenable Nessus
added 2023/10/19 12:00 a.m. · 42 views

RHEL 9 : tomcat (RHSA-2023:5929)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5929 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web...

CVSS 7.5 · AI score 7.4 · EPSS 0.99999
Exploits 19 · References 6

Tenable Nessus
added 2023/10/19 12:00 a.m. · 61 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-393)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-393 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 · AI score 7.1 · EPSS 0.99999
Exploits 19 · References 4

Tenable Nessus
added 2023/10/19 12:00 a.m. · 78 views

AlmaLinux 9 : nghttp2 (ALSA-2023:5838)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5838 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...

CVSS 7.5 · AI score 7.2 · EPSS 0.99999
Exploits 19 · References 2

Tenable Nessus
added 2023/10/19 12:00 a.m. · 69 views

Oracle Linux 8 : nghttp2 (ELSA-2023-5837)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5837 advisory. - fix HTTP/2 Rapid Reset CVE-2023-44487 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

CVSS 7.5 · AI score 7.3 · EPSS 0.99999
Exploits 19 · References 2

Tenable Nessus
added 2023/10/19 12:00 a.m. · 42 views

RHEL 9 : varnish (RHSA-2023:5930)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5930 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...

CVSS 7.5 · AI score 7.4 · EPSS 0.99999
Exploits 19 · References 5

Tenable Nessus
added 2023/10/19 12:00 a.m. · 129 views

Amazon Linux 2023 : libnghttp2, libnghttp2-devel, nghttp2 (ALAS2023-2023-392)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-392 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 · AI score 7.1 · EPSS 0.99999
Exploits 19 · References 4

Oracle Linux
added 2023/10/19 12:00 a.m. · 47 views

nghttp2 security update

1.43.0-5.1 - fix HTTP/2 Rapid Reset CVE-2023-44487...

CVSS 5 · AI score 8.1 · EPSS 0.99999
Exploits 19

Tenable Nessus
added 2023/10/19 12:00 a.m. · 53 views

Amazon Linux AMI : golang (ALAS-2023-1871)

The version of golang installed on the remote host is prior to 1.20.10-1.48. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1871 advisory. Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked linker and...

CVSS 8.1 · AI score 7.7 · EPSS 0.99999
Exploits 19 · References 8

AlmaLinux
added 2023/10/19 12:00 a.m. · 54 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CVSS...

CVSS 7.5 · AI score 7.5 · EPSS 0.99999
Exploits 19 · References 4

AlmaLinux
added 2023/10/19 12:00 a.m. · 48 views

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CVSS...

CVSS 7.5 · AI score 7.5 · EPSS 0.99999
Exploits 19 · References 4

AlmaLinux
added 2023/10/19 12:00 a.m. · 59 views

Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...

CVSS 7.5 · AI score 7.5 · EPSS 0.99999
Exploits 19 · References 4

Tenable Nessus
added 2023/10/19 12:00 a.m. · 2456 views

Apache 2.4.x < 2.4.58 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. - Apache HTTP Server: DoS in HTTP/2 with initial windows size 0: An attacker, opening a HTTP/2 connection with an initial windo...

CVSS 7.5 · AI score 7.2 · EPSS 0.70595
Exploits 1 · References 2