| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | Http_server, Opensearch_data_prepper, Apisix, Solr, Tomcat, Traffic_server, Swiftnio_http/2, Caddy, Debian_linux, H2o, Jetty, Envoy, Big-Ip_access_policy_manager, Big-Ip_advanced_firewall_manager, Big-Ip_advanced_web_application_firewall, Big-Ip_analytics, Big-Ip_application_acceleration_manager, Big-Ip_application_security_manager, Big-Ip_application_visibility_and_reporting, Big-Ip_carrier-Grade_nat, Big-Ip_ddos_hybrid_defender, Big-Ip_domain_name_system, Big-Ip_fraud_protection_service, Big-Ip_global_traffic_manager, Big-Ip_link_controller, Big-Ip_local_traffic_manager, Big-Ip_next, Big-Ip_next_service_proxy_for_kubernetes, Big-Ip_policy_enforcement_manager, Big-Ip_ssl_orchestrator, Big-Ip_webaccelerator, Big-Ip_websafe, Nginx, Nginx_ingress_controller, Nginx_plus, Proxygen, Fedora, Go, Http2, Networking, Grpc, Http, Istio, Jenkins, Http2, Kong_gateway, Armeria, Linkerd, .net, Asp.net_core, Azure_kubernetes_service, Cbl-Mariner, Visual_studio_2022, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Astra_control_center, Netty, Nghttp2, Node.js, Contour, 3scale_api_management_platform, Advanced_cluster_management_for_kubernetes, Advanced_cluster_security, Ansible_automation_platform, Build_of_optaplanner, Build_of_quarkus, Ceph_storage, Cert-Manager_operator_for_red_hat_openshift, Certification_for_red_hat_enterprise_linux, Cost_management, Cryostat, Decision_manager, Enterprise_linux, Fence_agents_remediation_operator, Integration_camel_for_spring_boot, Integration_camel_k, Integration_service_registry, Jboss_a-Mq, Jboss_a-Mq_streams, Jboss_core_services, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Logging_subsystem_for_red_hat_openshift, Machine_deletion_remediation_operator, Migration_toolkit_for_applications, Migration_toolkit_for_containers, Migration_toolkit_for_virtualization, Network_observability_operator, Node_healthcheck_operator, Node_maintenance_operator, Openshift, Openshift_api_for_data_protection, Openshift_container_platform, Openshift_container_platform_assisted_installer, Openshift_data_science, Openshift_dev_spaces, Openshift_developer_tools_and_services, Openshift_distributed_tracing, Openshift_gitops, Openshift_pipelines, Openshift_sandboxed_containers, Openshift_secondary_scheduler_operator, Openshift_serverless, Openshift_service_mesh, Openshift_virtualization, Openstack_platform, Process_automation, Quay, Run_once_duration_override_operator, Satellite, Self_node_remediation_operator, Service_interconnect, Service_telemetry_framework, Single_sign-On, Support_for_spring_boot, Web_terminal, Traefik, Varnish_cache | 7.5 |
| 2023-11-14 | CVE-2023-36049 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | .net, .net_framework, Visual_studio_2022 | 9.8 |
| 2023-11-14 | CVE-2023-36558 | ASP.NET Core - Security Feature Bypass Vulnerability | .net, Asp.net_core, Visual_studio_2022 | 5.5 |
| 2023-11-14 | CVE-2023-36042 | Visual Studio Denial of Service Vulnerability | Visual_studio_2019, Visual_studio_2022 | 5.5 |
| 2023-11-14 | CVE-2023-36038 | ASP.NET Core Denial of Service Vulnerability | .net, Asp.net_core, Visual_studio_2022 | 7.5 |
| 2020-09-15 | CVE-2020-8927 | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. | Ubuntu_linux, Debian_linux, Fedora, Brotli, .net, .net_core, Powershell, Visual_studio_2019, Visual_studio_2022, Leap | 6.5 |
| 2022-05-10 | CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. | Fedora, .net, .net_core, Powershell, Visual_studio_2019, Visual_studio_2022 | 7.5 |
| 2022-05-10 | CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. | Fedora, .net, .net_core, Visual_studio_2019, Visual_studio_2022 | 7.5 |
| 2022-05-10 | CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. | Fedora, .net, .net_core, Visual_studio_2019, Visual_studio_2022 | 7.5 |
| 2022-06-15 | CVE-2022-30184 | .NET and Visual Studio Information Disclosure Vulnerability. | Fedora, .net, .net_core, Nuget, Visual_studio_2019, Visual_studio_2022 | 5.5 |