AZL-44124 CVE-2023-44487 affecting package podman for versions less than 5.6.1-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-34682 CVE-2023-44487 affecting package etcd for versions less than 3.5.6-11

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31348 CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-34591 CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31498 CVE-2023-44487 affecting package telegraf for versions less than 1.27.3-3

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31307 CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-34827 CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31292 CVE-2023-44487 affecting package azcopy for versions less than 10.15.0-13

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-31332 CVE-2023-44487 affecting package nghttp2 for versions less than 1.57.0-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-34609 CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-35436 CVE-2023-44487 affecting package docker-buildx for versions less than 0.14.0-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-35097 CVE-2023-44487 affecting package packer for versions less than 1.8.1-14

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVE-2023-40534

When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTPREQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached...

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service DDoS attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability CVE-2023-44487 impacts any internet exposed HTTP/2 endpoints. As an...

Apache HTTP/2 资源管理错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management and other functions. A denial of service vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial o...

libvpx: crash related to VP9 encoding in libvpx

A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...

SICK APU Security Vulnerability

SICK APU is a railroad analysis system from SICK, Germany. A security vulnerability exists in the SICK APU RDT400 that stems from an arbitrary file download vulnerability. The vulnerability can be exploited by an attacker to download arbitrary files from a server via HTTP requests...

Dell SmartFabric Storage Software 安全漏洞

Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software version 1.4 suffers from an HTML injection vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

USN-6414-1 python-django vulnerability

Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...

libvpx: Heap buffer overflow in vp8 encoding in libvpx

A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a w...