134 matches found
EUVD-2019-5973
Malware in sbrugna...
EUVD-2020-30307
Malware in sbrugna...
EUVD-2023-44263
Malicious code in bioql PyPI...
EUVD-2023-2399
Malicious code in bioql PyPI...
BIT-TOMCAT-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CVE-2025-53531 WeGIA allows Uncontrolled Resource Consumption via the fid parameter
WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...
ROS-20250619-04
Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...
CVE-2023-27270
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain...
CVE-2020-9501
Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in...
Denial Of Service (DoS)
golang.org/x/crypto are vulnerable to a Denial Of Service DoS. The vulnerability is due to incomplete or slow key exchanges, which cause pending content to be read into memory but never transmitted, allowing an attacker to consume server resources and cause a denial of service...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in HTTP/2 protocol
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of HTTP/2 protocol Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited i...
BIT-NODE-MIN-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
BIT-NGINX-INGRESS-CONTROLLER-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CBL Mariner 2.0 Security Update: blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd (CVE-2023-39325)
The version of blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-39325 advisory. - A malicious HTTP/2 client which rapidly creates...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component (CVE-2023-44487).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMAChinery component. k8sio apiMachinery is utilized for handling Kubernetes API interactions, facilitating streamlined communication with Kubernetes clusters within event-driven applications. Vulnerability...
RHEL 9 : odo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working CVE-2022-32148 Note that...
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1797)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
Fedora 40 : xq (2024-e9ca3462aa)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e9ca3462aa advisory. Automatic update for xq-1.2.4-2.fc40. Changelog Sun Feb 11 2024 Maxwell G - 1.2.4-2 - Rebuild for golang 1.22.0 Sun Feb 11 2024 Mikel Olasagasti...
Fedora 40 : dnsx (2023-2e09477fbc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2e09477fbc advisory. Automatic update for dnsx-1.1.6-1.fc40. Changelog Thu Nov 16 2023 Mikel Olasagasti Uranga - 1.1.6-1 - Update to 1.1.6 - Closes rhbz2249448 rhbz2248264 Tenabl...
Fedora 40 : golang-github-nats-io / golang-github-nats-io-jwt-2 / etc (2023-5f984129b2)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5f984129b2 advisory. Updated NATS stack for CVE-2023-39325 and CVE-2023-46129 Tenable has extracted the preceding description block directly from the Fedora security...