EUVD-2019-5973
Malware in sbrugna...
EUVD-2020-30307
Malware in sbrugna...
EUVD-2023-2399
Malicious code in bioql PyPI...
EUVD-2023-44263
Malicious code in bioql PyPI...
BIT-TOMCAT-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CVE-2025-53531 WeGIA allows Uncontrolled Resource Consumption via the fid parameter
WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...
ROS-20250619-04
The http2 package of the Go programming language is affected by uncontrolled server resource consumption as a result of the Server.MaxConcurrentStreams parameter being reset while processing a...
CVE-2023-27270
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain...
CVE-2020-9501
Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in...
Denial Of Service (DoS)
golang.org/x/crypto is vulnerable to a denial of service (DoS). The vulnerability is due to incomplete or slow key exchanges, which cause pending content to be read into memory but never transmitted, allowing an attacker to consume server resources and cause a denial of service...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in HTTP/2 protocol
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of HTTP/2 protocol Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited i...
BIT-NODE-MIN-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
BIT-NGINX-INGRESS-CONTROLLER-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CBL Mariner 2.0 Security Update: blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd (CVE-2023-39325)
The version of blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-39325 advisory. - A malicious HTTP/2 client which rapidly creates...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMachinery component (CVE-2023-44487).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component. k8sio apiMachinery is utilized for handling Kubernetes API interactions, facilitating streamlined communication with Kubernetes clusters within event-driven applications. Vulnerability...
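Every entry above for CVE-2023-44487 and CVE-2023-39325 describes the same mechanism: the client opens a stream with HEADERS and cancels it at once with RST_STREAM, so the server has already started a handler while the cancelled stream no longer counts against SETTINGS_MAX_CONCURRENT_STREAMS, and the cycle repeats faster than the server can tear work down. The Go program below is an added example, not code from any of the listed advisories, vendors or the Go project; it replays a constructed per-connection frame trace through a sliding-window reset counter of the kind servers adopted as a mitigation. The type and function names (RapidResetGuard, Observe, Simulate, OpenAndReset), the thresholds and the traffic traces are all assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// StreamEvent is a constructed, minimal view of what an HTTP/2 server sees on
// one connection: a HEADERS frame opens a client stream, an RST_STREAM frame
// cancels it. At is the offset from connection start; events are assumed to
// arrive in non-decreasing time order.
type StreamEvent struct {
	At       time.Duration
	StreamID uint32
	Reset    bool // true for RST_STREAM, false for HEADERS (stream open)
}

// RapidResetGuard tracks, per connection, how many streams the client cancelled
// inside a sliding window and how many are still in flight. Thresholds are
// assumptions chosen for this example, not values taken from any advisory.
type RapidResetGuard struct {
	Window      time.Duration
	MaxResets   int // resets tolerated per Window before the connection is dropped
	MaxInFlight int // open streams tolerated (cf. SETTINGS_MAX_CONCURRENT_STREAMS)

	inFlight map[uint32]bool
	resets   []time.Duration // timestamps of RST_STREAM frames inside the window
}

func NewRapidResetGuard(window time.Duration, maxResets, maxInFlight int) *RapidResetGuard {
	return &RapidResetGuard{Window: window, MaxResets: maxResets,
		MaxInFlight: maxInFlight, inFlight: make(map[uint32]bool)}
}

var ErrRapidReset = errors.New("rapid reset: too many RST_STREAM frames in window")
var ErrTooManyStreams = errors.New("too many concurrent streams")

// Observe feeds one frame to the guard. A non-nil error means the server should
// send GOAWAY and close the connection instead of continuing to start handler
// work for a client that opens and immediately cancels streams.
func (g *RapidResetGuard) Observe(ev StreamEvent) error {
	if ev.StreamID%2 == 0 {
		return fmt.Errorf("stream %d is not client-initiated", ev.StreamID)
	}
	if ev.Reset {
		if !g.inFlight[ev.StreamID] {
			return nil // reset of an unknown or already-closed stream: nothing to count
		}
		delete(g.inFlight, ev.StreamID)
		g.resets = append(g.resets, ev.At)
		cut := ev.At - g.Window // slide the window: forget resets older than Window
		i := 0
		for i < len(g.resets) && g.resets[i] < cut {
			i++
		}
		g.resets = g.resets[i:]
		if len(g.resets) > g.MaxResets {
			return ErrRapidReset
		}
		return nil
	}
	if len(g.inFlight) >= g.MaxInFlight {
		return ErrTooManyStreams
	}
	g.inFlight[ev.StreamID] = true
	return nil
}

// Simulate replays events and returns the index of the first event that trips
// the guard, or -1 and nil when the whole sequence is accepted.
func Simulate(g *RapidResetGuard, events []StreamEvent) (int, error) {
	for i, ev := range events {
		if err := g.Observe(ev); err != nil {
			return i, err
		}
	}
	return -1, nil
}

// OpenAndReset builds a constructed trace of n client streams, each opened and
// cancelled immediately, successive streams gap apart. A tiny gap models the
// rapid-reset pattern; a large gap models a client that cancels now and then.
func OpenAndReset(n int, gap time.Duration) []StreamEvent {
	events := make([]StreamEvent, 0, 2*n)
	for i := 0; i < n; i++ {
		id := uint32(2*i + 1) // client-initiated stream IDs are odd
		t := time.Duration(i) * gap
		events = append(events,
			StreamEvent{At: t, StreamID: id},
			StreamEvent{At: t, StreamID: id, Reset: true})
	}
	return events
}

func main() {
	idx, err := Simulate(NewRapidResetGuard(time.Second, 100, 128), OpenAndReset(500, time.Millisecond))
	fmt.Printf("burst:  tripped at event %d: %v\n", idx, err)
	idx, err = Simulate(NewRapidResetGuard(time.Second, 100, 128), OpenAndReset(200, 20*time.Millisecond))
	fmt.Printf("normal: tripped at event %d, err=%v\n", idx, err)
}
```

The window counter is what makes the difference: a plain concurrent-stream limit never fires against rapid reset, because each cancelled stream leaves the in-flight set before the next one arrives, which is exactly why the burst trace above trips ErrRapidReset and not ErrTooManyStreams. Go's own fix for CVE-2023-39325 in golang.org/x/net/http2 instead bounds the number of handler goroutines a connection may have running at once; the counter here complements that by refusing the connection early.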
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1797)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
RHEL 9 : odo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working CVE-2022-32148 Note that...
Fedora 40 : varnish (2023-2cc6f607b9)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2cc6f607b9 advisory. Automatic update for varnish-7.4.2-1.fc40. Changelog Wed Nov 8 2023 Ingvar Hagelund - 7.4.2-1 - New upstream release. A security release - Includes fix for...
Fedora 40 : gh (2023-5852a1cc3f)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-5852a1cc3f advisory. Automatic update for gh-2.39.1-1.fc40. Changelog Wed Nov 15 2023 Mikel Olasagasti Uranga - 2.39.1-1 - Update to 2.39.1 - Closes rhbz2249773 rhbz2248270 Tenab...
Fedora 40 : dnsx (2023-2e09477fbc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2e09477fbc advisory. Automatic update for dnsx-1.1.6-1.fc40. Changelog Thu Nov 16 2023 Mikel Olasagasti Uranga - 1.1.6-1 - Update to 1.1.6 - Closes rhbz2249448 rhbz2248264 Tenabl...