SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2021:0649-1)

This update for nodejs12 fixes the following issues : New upstream LTS version 12.21.0 : CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 CVE-2021-22884: DNS rebinding in --inspect bsc1182620 CVE-2021-23840: OpenSSL - Integer overflow in CipherUpda...

openSUSE Security Update : nodejs12 (openSUSE-2021-357)

This update for nodejs12 fixes the following issues : New upstream LTS version 12.21.0 : - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620 - CVE-2021-23840: OpenSSL - Integer overflow in...

Security update for nodejs12 (important)

openSUSE Security Update: Security update for nodejs12 Announcement ID: openSUSE-SU-2021:0357-1 Rating: important References: 1182333 1182619 1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVE-2021-23840 CVSS scores: CVE-2021-22883 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

Security update for nodejs14 (important)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2021:0356-1 Rating: important References: 1182619 1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVSS scores: CVE-2021-22883 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22884 SUSE: 5.8...

February 2021 Security Releases

February 2021 Security Releases Update 23-Feb-2021 Security releases available Updates are now available for v10.x, v12.x, v14.x and v15.x Node.js release lines for the following issues. HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Critical CVE-2021-22883 Affected Node.j...

Security fix for the ALT Linux 10 package node version 14.16.0-alt1

Feb. 23, 2021 Vitaly Lipatov 14.16.0-alt1 - new version 14.16.0 with rpmrb script - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion - CVE-2021-22884: DNS rebinding in --inspect...

Node.js -- February 2021 Security Releases

Node.js reports: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Critical CVE-2021-22883 Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file...

Security update for nodejs14 (moderate)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2021:0066-1 Rating: moderate References: 1178882 1180553 1180554 Cross-References: CVE-2020-8265 CVE-2020-8277 CVE-2020-8287 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities is now...

Denial Of Service (DoS)

dotnet is vulnerable to denial of service DoS. The vulnerability exists through ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2...

Important: Red Hat Security Advisory: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVE-2021-1723

A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability...

Important: Red Hat Security Advisory: dotnet5.0 security and bugfix update

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: dotnet3.1 security and bugfix update

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 7 : .NET 5.0 on Red Hat Enterprise Linux (RHSA-2021:0096)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0096 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...

RHEL 8 : dotnet5.0 (RHSA-2021:0094)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0094 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...

PT-2021-1575 · Microsoft +3 · Visual Studio +5

Name of the Vulnerable Software and Affected Versions: ASP.NET Core and Visual Studio affected versions not specified Description: The issue is related to insufficient input validation in ASP.NET Core and Visual Studio, which can lead to a denial-of-service condition. This can be exploited by a...

Emp3R0R - Linux Post-Exploitation Framework Made By Linux User

linux post-exploitation framework made by linux user Still under active development 中文介绍 check my blog for updates how to use what to expect in future releases packer: cryptor + memfdcreate packer: use shmopen in older Linux kernels dropper: shellcode injector - python injector: inject shellcode...

SUSE-SU-2021:0040-1 Security update for tomcat

This update for tomcat fixes the following issues: Security issues fixed: - CVE-2020-13943: Fixed a HTTP/2 Request mix-up bsc1177582. - CVE-2020-17527: Fixed a HTTP/2 request header mix-up bsc1179602. Non-security issue fixed: - Removed tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from...

SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2020:3369-1)

This update for go1.14 fixes the following issues : go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into...