Debian dla-4387 : libqt5concurrent5 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4387 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4387-1 [email protected] https://www.debian.org/lts/security/...

Ubuntu 20.04 LTS / 22.04 LTS : H2O vulnerability (USN-7892-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7892-1 advisory. It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to...

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency Vulnerability in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an unauthenticated attacker ...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163.

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous,...

container-tools:4.0 security and bug fix update

An update is available for module.crun, fuse-overlayfs, module.slirp4netns, python-podman, module.runc, container-selinux, module.podman, module.udica, module.fuse-overlayfs, cockpit-podman, module.conmon, containers-common, libslirp, criu, module.containers-common, crun, module.libslirp,...

Ubuntu: Security Advisory (USN-7892-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7892-1 h2o vulnerability

It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to crash, resulting in a denial of service...

TencentOS Server 3: container-tools (TSSA-2023:0111)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0111 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: nodejs (TSSA-2025:0324)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0324 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 3: nodejs:16 (TSSA-2024:0107)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0107 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-55163 was introduced in 9.12.1, 9.12.2, 9.12.3, 9.12.4, 9.12.5, 9.12.6, 9.12.7, 9.12.8, 9.12.9, 9.12.10, 9.12.11, 9.12.12, 9.12.13, 9.12.14, 9.12.15, 9.12.16, 9.12.17, 9.12.18, 9.12.19, 9.12.22, 9.12.23, 9.12.24, 9.12.25,...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2023-35945)

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWA...

EulerOS 2.0 SP12 : mod_http2 (EulerOS-SA-2025-2366)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 ( CVE-2025-36047)

Summary WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 CVE-2025-36047 Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a...

Astra Linux - уязвимость в haproxy

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...

SUSE CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105 Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...