Lucene search
K

363 matches found

RedHat Linux
RedHat Linux
added 2023/10/24 12:18 p.m.5 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/10/24 12:2 p.m.48 views

Important: Red Hat Security Advisory: Logging Subsystem 5.5.17 - Red Hat OpenShift security update

Logging Subsystem 5.5.17 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS7AI score0.99999EPSS
Exploits21References6
RedHat Linux
RedHat Linux
added 2023/10/24 9:41 a.m.61 views

Important: Red Hat Security Advisory: RHACS 4.0 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.5CVSS7AI score0.99999EPSS
Exploits19References3
Tenable Nessus
Tenable Nessus
added 2023/10/24 12:0 a.m.48 views

RHEL 9 : toolbox (RHSA-2023:6077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6077 advisory. The rhel9/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References9
Oracle linux
Oracle linux
added 2023/10/24 12:0 a.m.59 views

tomcat security update

1:9.0.62-5.2 - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...

5CVSS8.1AI score0.99999EPSS
Exploits19
RedHat Linux
RedHat Linux
added 2023/10/23 9:57 p.m.56 views

Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines 1.12.1 release and security update

Red Hat OpenShift Pipelines 1.12.1 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

7.5CVSS7AI score0.99999EPSS
Exploits19References6
RedHat Linux
RedHat Linux
added 2023/10/23 9:20 p.m.6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/10/23 9:20 p.m.62 views

Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security update

Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS7AI score0.99999EPSS
Exploits19References6
RedHat Linux
RedHat Linux
added 2023/10/23 9:13 p.m.4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/10/23 7:21 p.m.68 views

Important: Red Hat Security Advisory: Cost Management security update

An update for costmanagement-metrics-operator-bundle-container and costmanagement-metrics-operator-container is now available for Cost Management for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

7.5CVSS8.4AI score0.99999EPSS
Exploits19References16
RedHat Linux
RedHat Linux
added 2023/10/23 6:31 p.m.56 views

Important: Red Hat Security Advisory: Self Node Remediation Operator 0.7.1 security update

This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.5CVSS7AI score0.99999EPSS
Exploits19References4
RedHat Linux
RedHat Linux
added 2023/10/23 6:30 p.m.46 views

Important: Red Hat Security Advisory: Node Maintenance Operator 5.0.1 security update

This is an updated version of the Node Maintenance Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.5CVSS7AI score0.99999EPSS
Exploits19References4
RedHat Linux
RedHat Linux
added 2023/10/23 2:17 p.m.9 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/10/23 2:17 p.m.66 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.2.2 release and security update

Red Hat AMQ Streams 2.2.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS7AI score0.99999EPSS
Exploits19References3
RedHat Linux
RedHat Linux
added 2023/10/23 12:5 p.m.4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/10/23 12:0 p.m.7 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/10/23 9:16 a.m.50 views

Important: Red Hat Security Advisory: varnish security update

An update for varnish is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References3
RedHat Linux
RedHat Linux
added 2023/10/23 9:16 a.m.4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
OSV
OSV
added 2023/10/23 7:18 a.m.17 views

SUSE-SU-2023:4155-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie leakage in undici. bsc1216205 - CVE-2023-38552: Fixed an integrity checks according to policies that could be...

7.5CVSS7.8AI score0.99999EPSS
Exploits19References9
OSV
OSV
added 2023/10/23 12:0 a.m.48 views

ALSA-2023:5989 Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References4
Rows per page
Query Builder