492 matches found
TencentOS Server 3: nghttp2 (TSSA-2024:0318)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0318 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
SUSE: Security Advisory (SUSE-SU-2024:4401-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-24667
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...
com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +751 more potentially affected by CVE-2025-1948 via org.eclipse.jetty.http2:jetty-http2-hpack (>=12.0.0 <=12.0.16)
org.eclipse.jetty.http2:jetty-http2-hpack MAVEN version =12.0.0, =5.3.1, =2.6.0, =1.41.1, =1.1.18, =2.0.20, =3.0.0, =3.0.2, =3.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0-A1, =4.0.0-A1, =4.0.0-A1, =4.1.0, =4.2.1 and more Source cves: CVE-2025-1948 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-10118703...
Linux Distros Unpatched Vulnerability : CVE-2022-41723
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of...
OESA-2025-1170 etcd security update
%expand: Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.CVE-2021-28235 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.CVE-2022-3064 Etcd v3.5.4 allows remote...
OESA-2025-1169 etcd security update
%expand: Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.CVE-2021-28235 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.CVE-2022-3064 Etcd v3.5.4 allows remote...
OESA-2025-1168 etcd security update
%expand: Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.CVE-2021-28235 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.CVE-2022-3064 Etcd v3.5.4 allows remote...
SUSE CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...
grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...
MGASA-2025-0046 Updated qtbase5 & qtbase6 packages fix security vulnerabilities
network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 A buffer overflow and application crash can occur via a crafted KTX image file. CVE-2024-25580 Code to make security-relevant decisions about an established connection may execute too early, because...
Updated qtbase5 & qtbase6 packages fix security vulnerabilities
network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 A buffer overflow and application crash can occur via a crafted KTX image file. CVE-2024-25580 Code to make security-relevant decisions about an established connection may execute too early, because...
Security update for grpc
This update for grpc fixes the following issues: CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2024:4436-1 Security update for grpc
This update for grpc fixes the following issues: - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821...
openSUSE: Security Advisory for python (SUSE-SU-2024:4428-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-grpcio (SUSE-SU-2024:4429-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4429-1 advisory. - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 -...
SUSE SLES15 Security Update : python-grpcio (SUSE-SU-2024:4428-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4428-1 advisory. - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 - CVE-2024-7246: HPACK table poisoning by...
Security update for python-grpcio
This update for python-grpcio fixes the following issues: CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 Patch Instructions: To install this SUSE update use t...
SUSE-SU-2024:4429-1 Security update for python-grpcio
This update for python-grpcio fixes the following issues: - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919...
SUSE-SU-2024:4428-1 Security update for python-grpcio
This update for python-grpcio fixes the following issues: - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919...