MiracleLinux 7 : rh-nodejs12-nodejs-12.18.2-1.el7 (AXSA:2020-219:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-219:03 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 nodejs-minimist:...

MiracleLinux 8 : nghttp2-1.33.0-3.el8.1 (AXSA:2020-326:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-326:01 advisory. nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 4 : httpd24-nghttp2-1.7.1-8.AXS4.1 (AXSA:2020-197:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-197:02 advisory. nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 7 : httpd24-nghttp2-1.7.1-8.el7.1 (AXSA:2020-196:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-196:01 advisory. nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 Tenable has extracted the preceding description block directly from the MiracleLinux...

TencentOS Server 3: nghttp2 (TSSA-2022:0101)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0101 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0101: nghttp2 (ALINUX3-SA-2022:0101)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0101 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-9513: Some HTTP/2 implementations...

Photon OS 5.0: Cmake PHSA-2023-5.0-0035

An update of the cmake package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0035. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Rocky Linux 8 : nodejs:12 (RLSA-2020:2852)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:2852 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a...

Rocky Linux 8 : nghttp2 (RLSA-2020:2755)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2755 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious...

[SECURITY] [DLA 3621-1] nghttp2 security update

Debian LTS Advisory DLA-3621-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton October 16, 2023 https://wiki.debian.org/LTS Package : nghttp2 Version : 1.36.0-2+deb10u2 CVE ID : CVE-2020-11080 CVE-2023-44487 Debian Bug : 962145 1053769 Multiple vulnerabilities were...

Debian dla-3621 : libnghttp2-14 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3621 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3621-1 [email protected]...

Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne (ELSA-2020-5765)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5765 advisory. - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31446720 CVE-2020-0543 - x86/speculation: Add Special Regist...

BELL-CVE-2020-11080 CVE-2020-11080 does not affect BellSoft software

Bulletin has no description...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : nghttp2 vulnerability (USN-6142-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6142-1 advisory. Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

RHEL 6 / 7 : httpd24-nghttp2 (RHSA-2020:2784)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2784 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: overly large SETTIN...

RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:2895)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2895 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

AlmaLinux 8 : nghttp2 (ALSA-2020:2755)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:2755 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious clien...

Debian: Security Advisory (DLA-2786-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2786-1 : nghttp2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2786 advisory. - nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial ...

SUSE: Security Advisory (SUSE-SU-2021:0930-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...