4433 matches found

Tenable Nessus
added 2023/10/16 12:00 a.m. | 58 views

RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:5719)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5719 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http,...

CVSS 7.5 | AI score 7.5 | EPSS 0.99999
Exploits: 19 | References: 7
OpenVAS
added 2023/10/16 12:00 a.m. | 35 views

Fedora: Security Advisory for nghttp2 (FEDORA-2023-ed2642fd58)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.6 | EPSS 0.99999
Exploits: 19 | References: 4
OSV
added 2023/10/16 12:00 a.m. | 43 views

ALSA-2023:5709 Important: dotnet7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...

CVSS 7.5 | AI score 8.1 | EPSS 0.99999
Exploits: 19 | References: 4
OSV
added 2023/10/16 12:00 a.m. | 55 views

ALSA-2023:5713 Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

CVSS 7.5 | AI score 8.3 | EPSS 0.99999
Exploits: 19 | References: 4
AlmaLinux
added 2023/10/16 12:00 a.m. | 73 views

Moderate: nginx:1.20 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

CVSS 7.5 | AI score 6.9 | EPSS 0.99999
Exploits: 19 | References: 4
Fedora
added 2023/10/15 1:44 a.m. | 46 views

[SECURITY] Fedora 38 Update: nghttp2-1.52.0-2.fc38

This package contains the HTTP/2 client, server and proxy programs...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19
hivepro
added 2023/10/14 8:35 a.m. | 81 views

HTTP/2 Zero-Day Exploited for the Most Explosive DDoS Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in HTTP/2 has been actively exploited in August, introducing a novel DDoS technique referred as "Rapid Reset". The attack, utilizing CVE-2023-44487, exploits a vulnerabili...

CVSS 5 | AI score 6.7 | EPSS 0.99999
Exploits: 19
Tenable Nessus
added 2023/10/14 12:00 a.m. | 40 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4068-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4068-1 advisory. - Update to go1.20.10 bsc1206346 - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 7
Tenable Nessus
added 2023/10/14 12:00 a.m. | 44 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2023:4069-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4069-1 advisory. - Update to go1.21.3 bsc1212475 - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 7
Tenable Nessus
added 2023/10/14 12:00 a.m. | 59 views

FreeBSD : traefik -- Resource exhaustion by malicious HTTP/2 client (7a1b2624-6a89-11ee-af06-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a1b2624-6a89-11ee-af06-5404a68ad561 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cau...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 4
Tenable Nessus
added 2023/10/14 12:00 a.m. | 49 views

Debian dla-3617 : libtomcat9-embed-java - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3617 advisory. Debian LTS Advisory DLA-3617-2 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19 | References: 4
Debian
added 2023/10/13 1:58 p.m. | 45 views

[SECURITY] [DLA 3617-1] tomcat9 security update

Debian LTS Advisory DLA-3617-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 13, 2023 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.31-1deb10u9 CVE ID : CVE-2023-24998 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648 Several...

CVSS 7.5 | AI score 7 | EPSS 0.99999
Exploits: 22
Wired Threat Level
added 2023/10/13 11:00 a.m. | 21 views

HTTP/2 Rapid Reset: A New Protocol Vulnerability Will Haunt the Web for Years

Dubbed “HTTP/2 Rapid Reset,” the flaw requires issuing patches to virtually every web server around the world before the problem can be eradicated...

AI score 7
Exploits: 0
Tenable Nessus
added 2023/10/13 12:00 a.m. | 31 views

F5 Networks BIG-IP HTTP/2 DoS (K000133467)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1. It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory. Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate when a client-side HTTP/2...

CVSS 7.5 | AI score 7.4 | EPSS 0.00538
Exploits: 0 | References: 2
Node JS Blog
added 2023/10/13 12:00 a.m. | 66 views

Friday October 13 2023 Security Releases

Friday October 13 2023 Security Releases Update 13-October-2023 Security releases available Updates are now available for the v18.x and v20.x Node.js release lines for the following issues. undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch Low - CVE-2023-45143 Undic...

CVSS 9.8 | AI score 7.7 | EPSS 0.99999
Exploits: 19
Tenable Nessus
added 2023/10/13 12:00 a.m. | 81 views

F5 Networks BIG-IP : HTTP/2 vulnerability (K000137106)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000137106 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellati...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 2
Tenable Nessus
added 2023/10/13 12:00 a.m. | 137 views

Security Update for Microsoft .NET 7 Core (October 2023)

The version of Microsoft .NET 7 Core installed on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023Oct10 advisory. - A vulnerability exists in the ASP.NET Core Kestrel web server where a malicious client may flood the server with...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits: 19 | References: 9
Tenable Nessus
added 2023/10/13 12:00 a.m. | 65 views

Security Updates for Microsoft Visual Studio Products (October 2023)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple denial of service vulnerabilities: - A denial of service DoS vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 6
Debian
added 2023/10/12 8:30 p.m. | 78 views

[SECURITY] [DSA 5522-2] tomcat9 regression update

Debian Security Advisory DSA-5522-2 [email protected] https://www.debian.org/security/ Markus Koschany October 12, 2023 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 6.7 | EPSS 0.99999
Exploits: 19
Talos Blog
added 2023/10/12 6:00 p.m. | 51 views

Top resources for Cybersecurity Awareness Month

Welcome to this week's edition of the Threat Source newsletter. I didn't feel like I wanted to write anything special or witty this week given the current events in Israel and the Gaza Strip, but I will certainly advocate for any assistance readers would like to provide to the various organizations...

CVSS 5 | AI score 8.7 | EPSS 0.99999
Exploits: 19