Updated nghttp2 packages fix security vulnerability

nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. This update fixes the issue. This is the latest release, which will bring some more fixes and...

MGASA-2024-0135 Updated nghttp2 packages fix security vulnerability

nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. This update fixes the issue. This is the latest release, which will bring some more fixes and...

openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:1306-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 / 9 : OpenShift Container Platform 4.12.45 (RHSA-2023:7610)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7610 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2024:1309-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1309-1 advisory. - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in...

Fedora 39 : firefox (2024-121f5cec9f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-121f5cec9f advisory. - New upstream release 125.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

Oracle Primavera Unifier (April 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:1301-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1301-1 advisory. - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:1319-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1319-1 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by...

openSUSE Security Advisory (SUSE-SU-2024:1309-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:1305-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1305-1 advisory. - The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead t...

Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-6729-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-2 advisory. USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

Debian dsa-5663 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5663 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5663...

SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:1306-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1306-1 advisory. - The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead t...

RHEL 8 : OpenShift Container Platform 4.11.54 (RHSA-2023:7481)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7481 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-24549) affects Power HMC

Summary Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper input validation by the HTTP/2 header. By sending...

Security Bulletin: Vulnerability in nghttp2 library (CVE-2023-44487) affects Power HMC

Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2...

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...