
4433 matches found

Apache Tomcat
added 2023/10/10 12:0 a.m. | 73 views

Fixed in Apache Tomcat 11.0.0-M12

Important: Request smuggling CVE-2023-45648 Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. This was fixe...

7.5 CVSS | 7.7 AI score | 0.99999 EPSS
Exploits: 21 | Affected Software: 1
Tenable Nessus
added 2023/10/10 12:0 a.m. | 294 views

KB5031354: Windows 11 version 22H2 Security Update (October 2023)

The remote Windows host is missing security update 5031354. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

9.8 CVSS | 7.6 AI score | 0.99999 EPSS
Exploits: 20 | References: 76
Tenable Nessus
added 2023/10/10 12:0 a.m. | 328 views

KB5031358: Windows 11 version 21H2 Security Update (October 2023)

The remote Windows host is missing security update 5031358. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

9.8 CVSS | 7.6 AI score | 0.99999 EPSS
Exploits: 20 | References: 76
Tenable Nessus
added 2023/10/10 12:0 a.m. | 49 views

KB5031364: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (October 2023)

The remote Windows host is missing security update 5031364. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

9.8 CVSS | 7.6 AI score | 0.99999 EPSS
Exploits: 20 | References: 80
Tenable Nessus
added 2023/10/10 12:0 a.m. | 173 views

Apache Tomcat 9.0.0.M1 < 9.0.81 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.81. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.81security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, fro...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits: 21 | References: 9
Tenable Nessus
added 2023/10/06 12:0 a.m. | 38 views

Amazon Linux AMI : containerd (ALAS-2023-1849)

The version of containerd installed on the remote host is prior to 1.4.13-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1849 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the...

7.5 CVSS | 7 AI score | 0.04561 EPSS
Exploits: 0 | References: 8
Tenable Nessus
added 2023/10/06 12:0 a.m. | 31 views

Amazon Linux AMI : golang (ALAS-2023-1848)

The version of golang installed on the remote host is prior to 1.20.8-1.47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1848 advisory. 2024-01-03: CVE-2023-24537 was added to this advisory. 2024-01-03: CVE-2023-29400 was added to this advisory. 2024-01-03...

9.8 CVSS | 7.8 AI score | 0.05623 EPSS
Exploits: 0 | References: 32
Amazon
added 2023/10/03 12:0 a.m. | 40 views

Important: golang

Issue Overview: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the...

9.8 CVSS | 8.5 AI score | 0.05623 EPSS
Exploits: 0
Tenable Nessus
added 2023/09/29 12:0 a.m. | 29 views

openSUSE 15: golang-github-QubitProducts-exporter_exporter / etc (SUSE-SU-2023:3868-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3868-1 advisory. golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability bsc1204501 CVE-2022-41723: Fix...

8.8 CVSS | 6.9 AI score | 0.04561 EPSS
Exploits: 1 | References: 16
Tenable Nessus
added 2023/09/27 12:0 a.m. | 23 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-011)

The version of tomcat installed on the remote host is prior to 8.5.58-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-011 advisory. If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the...

4.3 CVSS | 6.9 AI score | 0.57286 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2023/09/27 12:0 a.m. | 24 views

Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-006)

The version of haproxy2 installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-006 advisory. In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write...

8.8 CVSS | 7.9 AI score | 0.60727 EPSS
Exploits: 0 | References: 4
IBM Security Bulletins
added 2023/09/22 10:42 a.m. | 37 views

Security Bulletin: Due to the use of Golang Go, IBM Workload Scheduler is vulnerable to a denial of service.

Summary Golang Go is used by IBM Workload Scheduler CVE-2022-41717 Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in the Go server. By sending a specially-crafted keys, a remote attacker could...

5.3 CVSS | 6.6 AI score | 0.05623 EPSS
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2023/09/18 12:0 a.m. | 36 views

Oracle Linux 9 : istio (ELSA-2023-12771)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12771 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 -...

9.8 CVSS | 6.8 AI score | 0.00735 EPSS
Exploits: 3 | References: 5
RedHat Linux
added 2023/09/14 5:33 p.m. | 40 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update

Red Hat OpenShift Service Mesh 2.2.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

9.8 CVSS | 6.7 AI score | 0.01106 EPSS
Exploits: 1 | References: 5
Tenable Nessus
added 2023/09/11 12:0 a.m. | 32 views

Oracle Linux 8 : olcne (ELSA-2023-12772)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12772 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 -...

9.8 CVSS | 6.8 AI score | 0.00735 EPSS
Exploits: 3 | References: 5
Tenable Nessus
added 2023/09/08 12:0 a.m. | 49 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2023-339)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-339 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...

5.5 AI score
Exploits: 0 | References: 2
Tenable Nessus
added 2023/09/08 12:0 a.m. | 26 views

Oracle Linux 7 : istio (ELSA-2023-12781)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12781 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. olcne - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 Tenable has...

9.8 CVSS | 6.8 AI score | 0.00735 EPSS
Exploits: 3 | References: 5
Tenable Nessus
added 2023/09/08 12:0 a.m. | 38 views

Oracle Linux 8 : istio (ELSA-2023-12780)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12780 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. olcne - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 Tenable has...

9.8 CVSS | 6.8 AI score | 0.00735 EPSS
Exploits: 3 | References: 5
Tenable Nessus
added 2023/09/08 12:0 a.m. | 37 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2023-337)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-337 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...

7.5 CVSS | 6.8 AI score | 0.04561 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2023/09/08 12:0 a.m. | 52 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2023-338)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-338 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...

7.5 CVSS | 6.9 AI score | 0.04561 EPSS
Exploits: 0 | References: 8