RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:5719)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5719 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http,...
Fedora: Security Advisory for nghttp2 (FEDORA-2023-ed2642fd58)
The remote host is missing an update for the nghttp2 package. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ALSA-2023:5709 Important: dotnet7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...
ALSA-2023:5713 Moderate: nginx:1.22 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2-enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487). For more details about the securi...
Moderate: nginx:1.20 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2-enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487). For more details about the securi...
[SECURITY] Fedora 38 Update: nghttp2-1.52.0-2.fc38
This package contains the HTTP/2 client, server and proxy programs...
HTTP/2 Zero-Day Exploited for the Most Explosive DDoS Attacks
Threat Level: Vulnerability Report. For a detailed threat advisory, download the PDF file here. Summary: A zero-day vulnerability in HTTP/2 has been actively exploited in August, introducing a novel DDoS technique referred to as "Rapid Reset". The attack, utilizing CVE-2023-44487, exploits a vulnerabili...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4068-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4068-1 advisory. - Update to go1.20.10 (bsc#1206346) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2023:4069-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4069-1 advisory. - Update to go1.21.3 (bsc#1212475) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a...
FreeBSD : traefik -- Resource exhaustion by malicious HTTP/2 client (7a1b2624-6a89-11ee-af06-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a1b2624-6a89-11ee-af06-5404a68ad561 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cau...
Debian dla-3617 : libtomcat9-embed-java - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3617 advisory. Debian LTS Advisory DLA-3617-2 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3617-1] tomcat9 security update
Debian LTS Advisory DLA-3617-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany, October 13, 2023, https://wiki.debian.org/LTS. Package: tomcat9. Version: 9.0.31-1deb10u9. CVE ID: CVE-2023-24998, CVE-2023-41080, CVE-2023-42795, CVE-2023-44487, CVE-2023-45648. Several...
HTTP/2 Rapid Reset: A New Protocol Vulnerability Will Haunt the Web for Years
Dubbed “HTTP/2 Rapid Reset,” the flaw requires issuing patches to virtually every web server around the world before the problem can be eradicated...
F5 Networks BIG-IP HTTP/2 DoS (K000133467)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1. It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2...
Friday October 13 2023 Security Releases
Update 13-October-2023: Security releases available. Updates are now available for the v18.x and v20.x Node.js release lines for the following issues. undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch (Low) - CVE-2023-45143. Undic...
F5 Networks BIG-IP : HTTP/2 vulnerability (K000137106)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000137106 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellati...
Security Update for Microsoft .NET 7 Core (October 2023)
The version of Microsoft .NET 7 Core installed on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023Oct10 advisory. - A vulnerability exists in the ASP.NET Core Kestrel web server where a malicious client may flood the server with...
Security Updates for Microsoft Visual Studio Products (October 2023)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple denial of service vulnerabilities: - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services...
[SECURITY] [DSA 5522-2] tomcat9 regression update
Debian Security Advisory DSA-5522-2 [email protected] https://www.debian.org/security/ Markus Koschany, October 12, 2023, https://www.debian.org/security/faq -...
Top resources for Cybersecurity Awareness Month
Welcome to this week's edition of the Threat Source newsletter. I didn't feel like I wanted to write anything special or witty this week given the current events in Israel and the Gaza Strip, but I will certainly advocate for any assistance readers would like to provide to the various organizations...