HPE Superdome Flex Servers; HPE Superdome Flex 280 Servers Security Vulnerabilities

nessus

Fedora 40 : golang-github-onsi-ginkgo-2 (2023-1c1be955d7)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1c1be955d7 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...

6.5 AI Score

2024-04-29 12:00 AM
3
nessus

Fedora 40 : golang-github-nats-io / golang-github-nats-io-jwt-2 / etc (2023-5f984129b2)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5f984129b2 advisory. NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge...

7 AI Score

2024-04-29 12:00 AM
1
nessus

Fedora 38 : python2.7 (2023-01b481a31e)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-01b481a31e advisory. An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490)...

7 AI Score

2024-04-29 12:00 AM
3
nessus

Amazon Linux 2023 : java-22-amazon-corretto, java-22-amazon-corretto-devel, java-22-amazon-corretto-headless (ALAS2023-2024-601)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-601 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...

5.8 AI Score

2024-04-29 12:00 AM
8
nessus

Oracle Linux 7 : tigervnc (ELSA-2024-2080)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2080 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when...

7.2 AI Score

2024-04-29 12:00 AM
5
nessus

Apache Tomcat 8.5.0 < 8.5.64 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.64. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.64_security-8 advisory. Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly...

6.5 AI Score

2024-04-29 12:00 AM
5
nessus

Apache Tomcat 9.0.0.M1 < 9.0.44 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.44. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.44_security-9 advisory. Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly...

6.5 AI Score

2024-04-29 12:00 AM
6
nessus

Fedora 40 : golang-github-prometheus-prom2json (2023-14a33318b8)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-14a33318b8 advisory. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP...

6.7 AI Score

2024-04-29 12:00 AM
2
nessus

Fedora 40 : gitleaks (2024-4901258366)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4901258366 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...

6.5 AI Score

2024-04-29 12:00 AM
3
nessus

Fedora 37 : pypy3.8 (2023-943556a733)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-943556a733 advisory. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to...

8.7 AI Score

2024-04-29 12:00 AM
2
nessus

Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2024-600)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-600 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...

5.9 AI Score

2024-04-29 12:00 AM
5
nessus

Fedora 40 : golang-github-rogpeppe-internal (2023-9177748962)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9177748962 advisory. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP...

6.8 AI Score

2024-04-29 12:00 AM
3
nessus

Fedora 40 : xq (2024-e9ca3462aa)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e9ca3462aa advisory. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an...

6.2 AI Score

2024-04-29 12:00 AM
1
nessus

Fedora 40 : golang-gvisor (2024-80e062d21a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-80e062d21a advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...

6.8 AI Score

2024-04-29 12:00 AM
nessus

Fedora 40 : xorg-x11-server-Xwayland (2024-01a9916e9e)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-01a9916e9e advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when...

7.4 AI Score

2024-04-29 12:00 AM
4
nessus

AlmaLinux 8 : tigervnc (ALSA-2024:2037)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2037 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...

7.7 AI Score

2024-04-29 12:00 AM
4
nessus

RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2023:6179)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6179 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) maven-shared-utils: Command...

7.6 AI Score

2024-04-28 12:00 AM
3
nessus

RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2023:5982)

The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5982 advisory. openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command injection...

8 AI Score

2024-04-28 12:00 AM
4
nessus

RHEL 8 : openshift-pipelines-client (RHSA-2023:6781)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6781 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.6 AI Score

2024-04-28 12:00 AM
nessus

RHEL 7 / 8 / 9 : OpenShift Virtualization 4.13.6 RPMs (RHSA-2023:7521)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7521 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2:...

7.6 AI Score

2024-04-28 12:00 AM
2
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.12.39 (RHSA-2023:5679)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5679 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple...

7.7 AI Score

2024-04-28 12:00 AM
2
nessus

RHEL 8 : Red Hat OpenShift Pipelines Client tkn for 1.12.1 (RHSA-2023:6059)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6059 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.6 AI Score

2024-04-28 12:00 AM
3
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) kube-apiserver: Bypassing policies imposed by the...

7.4 AI Score

2024-04-28 12:00 AM
3
nessus

RHEL 8 : openshift-gitops-kam (RHSA-2023:6782)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6782 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.6 AI Score

2024-04-28 12:00 AM
4
nessus

RHEL 8 : Release of OpenShift Serverless Client kn 1.30.2 (RHSA-2023:6298)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6298 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate chains...

7.7 AI Score

2024-04-28 12:00 AM
5
nessus

RHEL 8 / 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate...

7.6 AI Score

2024-04-28 12:00 AM
3
nessus

RHEL 8 : Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) (RHSA-2023:5970)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5970 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.7 AI Score

2024-04-28 12:00 AM
1
nessus

RHEL 8 : Red Hat OpenShift Pipelines Client tkn for 1.10.6 (RHSA-2023:7699)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7699 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.7 AI Score

2024-04-28 12:00 AM
1
nessus

RHEL 8 : Red Hat OpenShift Container Storage 4.6 update (Moderate) (RHSA-2020:5606)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5606 advisory. golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) golang: data race...

7 AI Score

2024-04-28 12:00 AM
3
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2023:5805)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5805 advisory. golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) golang: net/http, x/net/http2:...

7.6 AI Score

2024-04-28 12:00 AM
2
nessus

RHEL 8 : OpenShift Container Platform 4.11.52 (RHSA-2023:5717)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5717 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.7 AI Score

2024-04-28 12:00 AM
3
nessus

RHEL 7 / 8 : OpenShift Virtualization 4.9.0 RPMs (RHSA-2021:4103)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4103 advisory. golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) golang: ReadUvarint and...

7.1 AI Score

2024-04-28 12:00 AM
4
nessus

RHEL 8 : Satellite 6.12.5.2 Async Security Update (Important) (RHSA-2023:5979)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5979 advisory. openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command injection (CVE-2022-2068) ...

8.3 AI Score

2024-04-28 12:00 AM
2
nessus

RHEL 8 : Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) (RHSA-2023:5964)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5964 advisory. golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) golang: net/http, mime/multipart: denial of service from...

8.8 AI Score

2024-04-28 12:00 AM
2
nessus

RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command injection (CVE-2022-2068) ...

8.4 AI Score

2024-04-28 12:00 AM
4
nessus

Fedora 39 : golang-gvisor (2024-9cc0e0c63e)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9cc0e0c63e advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...

6.8 AI Score

2024-04-28 12:00 AM
2
nessus

Fedora 38 : golang-gvisor (2024-d652859efb)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d652859efb advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...

6.8 AI Score

2024-04-28 12:00 AM
2
nessus

RHEL 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6839)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6839 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.6 AI Score

2024-04-28 12:00 AM
1
nessus

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) (RHSA-2023:5967)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5967 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.6 AI Score

2024-04-28 12:00 AM
4
nessus

RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5980 advisory. openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command injection...

8.3 AI Score

2024-04-28 12:00 AM
4
nessus

RHEL 9 : openshift-gitops-kam (RHSA-2023:7344)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7344 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

7.6 AI Score

2024-04-28 12:00 AM
1
nessus

RHEL 8 : Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) (RHSA-2023:5965)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5965 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate chains...

7.6 AI Score

2024-04-28 12:00 AM
1
nessus

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) maven-shared-utils: Command...

8.1 AI Score

2024-04-28 12:00 AM
4
nessus

RHEL 8 / 9 : skupper-cli and skupper-router (RHSA-2023:6165)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6165 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple...

7.6 AI Score

2024-04-28 12:00 AM
2
nessus

RHEL 7 / 8 : Red Hat OpenStack Platform (openstack-swift) (RHSA-2023:1277)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1277 advisory. OpenStack Object Storage (swift) aggregates commodity servers to work together in clusters for reliable, redundant, and large-scale...

6.5 AI Score

2024-04-28 12:00 AM
1
veracode

Denial Of Service (DoS)

putty is vulnerable to Denial Of Service (DoS). The vulnerability is due to remote SSH-1 servers accessing freed memory locations via an SSH1_MSG_DISCONNECT message in PuTTY, allows remote SSH-1 servers to trigger a denial of service...

6.6 AI Score

0.007 EPSS

2024-04-27 08:10 AM
3
f5

K000139423 : OpenJDK vulnerabilities CVE-2024-21002, CVE-2024-21003, and CVE-2024-21004

Security Advisory Description CVE-2024-21002 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to...

3.1 CVSS

5.4 AI Score

0.0005 EPSS

2024-04-27 12:00 AM
14
nessus

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. curl: TLS session resumption client cert bypass (CVE-2016-5419) curl: Re-using connection with wrong client cert (CVE-2016-5420) ...

9.5 AI Score

2024-04-27 12:00 AM
1
githubexploit

Exploit for Out-of-bounds Write in F5 Nginx Ingress Controller

evilMP4 Explore CVE-2022-41741 with the Evil MP4 repository....

7.7 AI Score

2024-04-26 05:18 PM
175
thn

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who...

8.6 CVSS

8.7 AI Score

0.0004 EPSS

2024-04-26 02:03 PM
16

Total number of security vulnerabilities: 63094