Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling...

SUSE-SU-2025:20230-1 Security update for haproxy

This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 BUG/MINOR: cfgparse-listen: fix option httpslog overrid...

Security update for haproxy

This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 BUG/MINOR: cfgparse-listen: fix option httpslog overrid...

Security update for haproxy

This update for haproxy fixes the following issues: CVE-2024-53008: Fixed HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 Other fixes: Update to version 2.8.11 Patch Instructions: To install this SUSE update use the SUSE...

This Week in Spring - December 3rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...

HTTP/3 support in Reactor 2024.0 Release Train

HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code execution...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wireshark (SUSE-SU-2024:3165-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3165-1 advisory. wireshark was updated from version 3.6.23 to version 4.2.6 jscPED-8517: - Security issues fixed...

Wireshark Multiple Vulnerabilities (Jul 2024) - Mac OS X

Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...

Wireshark Multiple Vulnerabilities (Jul 2024) - Linux

Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3 requests ...

MAL-2024-5213 Malicious code in http3-client (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in http3-client (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-5092 Malicious code in dmnstnd-http3-client (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in dmnstnd-http3-client (PyPI)

--- -= Per source details. Do not edit below this line.=-...

SUSE CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

DEBIAN-CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

com.artipie.maven.resolver:maven-resolver-transport-http3 (>=v0.0.1 <=v0.0.9), com.artipie:asto-artipie (>=v1.17.2 <=v1.17.16) +32 more potentially affected by CVE-2024-22201 via org.eclipse.jetty.http3:jetty-http3-common (>=12.0.0 <=12.0.5)

org.eclipse.jetty.http3:jetty-http3-common MAVEN version =12.0.0, =v0.0.1, =v1.17.2, =v1.17.2, =v1.17.2, =v1.17.2, =0.4.1, =v1.17.2, =v1.17.2, =v1.17.2, =2.0.20, =1.2.3, =0.1.16, =1.6.0, =12.0.10, =12.0.0, =12.0.5 and more Source cves: CVE-2024-22201 Source advisory: OSV:GHSA-RGGV-CV7R-MW98...

SUSE CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

PT-2024-1647 · Nginx +1 · Nginx Oss +3

The affected software is NGINX, specifically the HTTP/3 QUIC module in NGINX Plus and NGINX OSS. When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate, potentially leading to a denial of service, related to a...