Lucene search

478 matches found

OPENSUSE Linux
added 2021/01/15 12:0 a.m. | 79 views

Security update for nodejs14 (moderate)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2021:0066-1 Rating: moderate References: 1178882 1180553 1180554 Cross-References: CVE-2020-8265 CVE-2020-8277 CVE-2020-8287 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities is now...

8.1 CVSS | 6.8 AI score | 0.58883 EPSS
Exploits: 3 | References: 3

Veracode
added 2021/01/14 4:52 a.m. | 24 views

Denial Of Service (DoS)

dotnet is vulnerable to denial of service (DoS). The vulnerability exists because ASP.NET Core callbacks run outside of locks cause a Kestrel deadlock when using HTTP2...

7.5 CVSS | 2.8 AI score | 0.0405 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

RedHat Linux
added 2021/01/13 7:13 p.m. | 70 views

Important: Red Hat Security Advisory: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

7.5 CVSS | 7.2 AI score | 0.0405 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2021/01/13 5:17 p.m. | 36 views

CVE-2021-1723

A flaw was found in dotnet. Running callbacks outside of locks results in a Kestrel deadlock when using HTTP2. The highest threat from this vulnerability is to system availability...

7.5 CVSS | 1.7 AI score | 0.0405 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2021/01/13 3:3 p.m. | 67 views

Important: Red Hat Security Advisory: dotnet5.0 security and bugfix update

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5 CVSS | 7.2 AI score | 0.0405 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2021/01/13 3:3 p.m. | 88 views

Important: Red Hat Security Advisory: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 7.2 AI score | 0.0405 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2021/01/13 12:0 a.m. | 24 views

RHEL 7 : .NET 5.0 on Red Hat Enterprise Linux (RHSA-2021:0096)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0096 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...

7.5 CVSS | 7.3 AI score | 0.0405 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2021/01/13 12:0 a.m. | 30 views

RHEL 8 : dotnet5.0 (RHSA-2021:0094)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0094 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...

7.5 CVSS | 7.3 AI score | 0.0405 EPSS
Exploits: 0 | References: 4

Kitploit
added 2021/01/09 11:30 a.m. | 524 views

Emp3R0R - Linux Post-Exploitation Framework Made By Linux User

linux post-exploitation framework made by linux user Still under active development Chinese introduction check my blog for updates how to use what to expect in future releases packer: cryptor + memfd_create packer: use shm_open in older Linux kernels dropper: shellcode injector - python injector: inject shellcode...

6.6 CVSS | 7.4 AI score | 0.16034 EPSS
Exploits: 39 | References: 20

0day.today
added 2020/12/08 12:0 a.m. | 4063 views

Apache 2 HTTP2 Module Concurrent Pool Usage Vulnerability

apache2: concurrent pool usage in http2 module. h2_mplx.c contains a number of calls to ap_log_cerror using m->c (the master connection) as an argument. These calls can trigger allocations using the m->c->pool. One example is core_generate_log_id. As some of the code in h2_mplx.c is executed on a worker threa...

7.5 CVSS | 8.8 AI score | 0.2745 EPSS
Exploits: 2

Tenable Nessus
added 2020/11/30 12:0 a.m. | 35 views

openSUSE Security Update : go1.14 (openSUSE-2020-2067)

This update for go1.14 fixes the following issues: - go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages. - go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362) - go#42560 cmd/go: arbitrary code can be injected int...

7.5 CVSS | 7.4 AI score | 0.00711 EPSS
Exploits: 0 | References: 7

OPENSUSE Linux
added 2020/11/26 12:0 a.m. | 28 views

Security update for go1.14 (moderate)

openSUSE Security Update: Security update for go1.14 Announcement ID: openSUSE-SU-2020:2047-1 Rating: moderate References: 1164903 1178750 1178752 1178753 Cross-References: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Affected Products: openSUSE Leap 15.1 An update that solves three vulnerabiliti...

7.5 CVSS | 7.7 AI score | 0.00711 EPSS
Exploits: 0 | References: 4

Hacker One
added 2020/11/25 11:6 a.m. | 51 views

Node.js: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion

Summary: Node.js http2 server is vulnerable against denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new...

7.8 CVSS | 7.6 AI score | 0.89427 EPSS
Exploits: 0

RedHat Linux
added 2020/10/08 10:52 a.m. | 74 views

Moderate: Red Hat Security Advisory: go-toolset-1.13-golang security and bug fix update

An update for go-toolset-1.13 and go-toolset-1.13-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

7.5 CVSS | 6.8 AI score | 0.00614 EPSS
Exploits: 0 | References: 5

OpenVAS
added 2020/09/02 12:0 a.m. | 40 views

Fedora: Security Advisory for mod_http2 (FEDORA-2020-b58dc5df38)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.9 AI score
Exploits: 0 | References: 2

Fedora
added 2020/08/26 2:41 p.m. | 64 views

[SECURITY] Fedora 31 Update: mod_http2-1.15.14-1.fc31

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...

7.5 CVSS | 1.9 AI score | 0.76276 EPSS
Exploits: 2

Check Point Advisories
added 2020/08/02 12:0 a.m. | 3 views

HAProxy HTTP2 CRLF Injection (CVE-2019-19330)

A CRLF injection vulnerability exists in HAProxy HTTP2 module. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

7.5 CVSS | 4.8 AI score | 0.01056 EPSS
Exploits: 0

Check Point Advisories
added 2020/08/02 12:0 a.m. | 3 views

HAProxy HTTP2 HPACK Remote Code Execution (CVE-2020-11100)

A remote code execution vulnerability exists in HAProxy. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5 CVSS | 5 AI score | 0.74396 EPSS
Exploits: 0

RedHat Linux
added 2020/04/02 2:7 p.m. | 1 views

haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes

A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy...

8.8 CVSS | 7.9 AI score | 0.74396 EPSS
Exploits: 0 | References: 8

IBM Security Bulletins
added 2020/03/26 12:19 p.m. | 51 views

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities

Summary WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker...

7.8 CVSS | 0.9 AI score | 0.50822 EPSS
Exploits: 1 | Affected Software: 1