RHEL 8 : thunderbird (RHSA-2024:1934)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1934 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...
Low: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3302 For more details about the security issues, including the impact, a CVSS score,...
ROS-20240422-03
The Eclipse Jetty servlet container vulnerability is related to the fact that an established HTTP/2 SSL connection and an overloaded TCP will reload when the set time expires. Exploitation of the vulnerability could allow an attacker acting remotely to cause a state where a server could run out of...
Low: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3302 For more details about the security issues, including the impact, a CVSS score,...
ROS-20240422-05
The golang package vulnerability is related to errors returned from MarshalJSON methods containing data controlled by the user. Exploitation of the vulnerability could allow an attacker acting remotely to exploit these errors to disrupt the contextual behavior of the automatic output of the packag...
Fedora 38 : firefox (2024-966e16bfa3)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-966e16bfa3 advisory. - New upstream release 125.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Fedora 38 : mod_http2 (2024-1f11550e31)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1f11550e31 advisory. Security fix for CVE-2024-27316 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
[SECURITY] Fedora 38 Update: nghttp2-1.52.0-3.fc38
This package contains the HTTP/2 client, server and proxy programs...
[SECURITY] Fedora 39 Update: nghttp2-1.55.1-5.fc39
This package contains the HTTP/2 client, server and proxy programs...
Fedora 39 : nodejs20 (2024-e28ccc9c17)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e28ccc9c17 advisory. 2024-04-03, Version 20.12.1 'Iron' LTS, @RafaelGSS This is a security release Notable Changes CVE-2024-27983 - Assertion failed in...
Fedora 38 : nghttp2 (2024-ec22e51ec2)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ec22e51ec2 advisory. - fix CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Debian dsa-5667 : libtomcat9-embed-java - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5667 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:1350-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1350-1 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it...
SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2024:1346-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1346-1 advisory. - The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead t...
RHEL 8 / 9 : java-21-openjdk (RHSA-2024:1828)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1828 advisory. The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security...
[SECURITY] Fedora 40 Update: rust-h2-0.3.26-1.fc40
An HTTP/2 client and server...
[SECURITY] Fedora 40 Update: nghttp2-1.59.0-3.fc40
This package contains the HTTP/2 client, server and proxy programs...
[SECURITY] [DSA 5667-1] tomcat9 security update
Debian Security Advisory DSA-5667-1 [email protected] https://www.debian.org/security/ Markus Koschany April 19, 2024 https://www.debian.org/security/faq ...
HTTP/2 CONTINUATION Frame Processing
firefox is vulnerable to an HTTP/2 CONTINUATION frame processing vulnerability. The vulnerability is due to an absence of limits on the number of HTTP/2 CONTINUATION frames processed, allowing a server to potentially trigger an Out of Memory condition in the browser...
SUSE-SU-2024:1346-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation bsc1222384...