CVE-2024-30156

CVE-2024-30156 (Broke Window Attack) affects Varnish Cache and Varnish Enterprise 6, allowing credits exhaustion on an HTTP/2 connection control flow window. Affected versions include Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS); Varnish Enterprise 6 before 6.0.12r6. ...

Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...

AlmaLinux 8 : nodejs:16 (ALSA-2024:1444)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1444 advisory. nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled web...

EulerOS Virtualization 2.11.0 : httpd (EulerOS-SA-2024-1428)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...

EulerOS Virtualization 2.11.1 : nghttp2 (EulerOS-SA-2024-1405)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1433)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1405)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1428)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1400)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : httpd (EulerOS-SA-2024-1400)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to denial of service due to golang compiler ( CVE-2023-39325 )

Summary Golang compiler is used by IBM Cloud Pak for Data Scheduling as part of the build process for the scheduler binaries . CVE-2023-39325. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption fla...

Important: Red Hat Security Advisory: nodejs:16 security update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to installation denial of service due to grpc ( CVE-2023-44487 )

Summary Grpc is used by IBM Cloud Pak for Data Scheduling as part of the image catalog used for installation. CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the...

Security Bulletin: A denial of service vulnerability in WebSphere Application Server Liberty affects IBM InfoSphere Information Server (CVE-2023-44487)

Summary A denial of service vulnerability in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplex...

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...

ALSA-2024:1444 Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...

Jenkins LTS < 2.440.2 / Jenkins weekly < 2.444

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.440.2 or Jenkins weekly prior to 2.444. It is, therefore, affected by a vulnerability: - Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connecti...

RHEL 8 : nodejs:16 (RHSA-2024:1444)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1444 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty

Jenkins Security Advisory: Description High SECURITY-3379 / CVE-2024-22201 HTTP/2 denial of service vulnerability in bundled Jetty...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.1 release and security update

An update is now available for Red Hat JBoss Web Server 6.0.1 on Red Hat Enterprise Linux versions 8 and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...