4428 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5446
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read when an HTTP/2 connection to a server sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. This...
Linux Distros Unpatched Vulnerability : CVE-2019-9514
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23085, CVE-2025-23084 & CVE-2025-22150)
Summary: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. Vulnerability Details: CVEID: CVE-2025-23085. DESCRIPTION: A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header wa...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in HTTP/2 protocol
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of the HTTP/2 protocol. Vulnerability Details: CVEID: CVE-2023-44487. DESCRIPTION: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited i...
Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2025-23085)
The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23085 advisory. - A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY...
CLSA-2025-1740051873 tomcat: Fix of CVE-2024-24549
CVE-2024-24549: fix improper input validation vulnerability for HTTP/2 requests...
K000149857: Apache Tomcat vulnerability CVE-2024-52317
Security Advisory Description: Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through...
SUSE SLES15 / openSUSE 15 Security Update : buildah (SUSE-SU-2025:0581-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0581-1 advisory. - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for a...
SUSE-SU-2025:0579-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227052 - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...
ALSA-2025:1582 Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085). For mor...
AlmaLinux 9 : nodejs:18 (ALSA-2025:1446)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:1446 advisory. undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085). Tenable has...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-23085)
The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23085 advisory. - A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY...
RLSA-2025:1446 Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085). For mor...
BIT-NODE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
BIT-NODE-MIN-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
Exploit for Type Confusion in Google Chrome
CVE-2022-4174 CVE-2022-41742 PoC for CVE-2022-4174 CVE-2022-4...
Azure Linux 3.0 Security Update: blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd (CVE-2023-39325)
The version of blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-39325 advisory. - A malicious HTTP/2 client which rapidly creates...
Azure Linux 3.0 Security Update: azcopy / containerized-data-importer / cri-o / golang / moby-engine / prometheus / sriov-network-device-plugin (CVE-2022-41717)
The version of azcopy / containerized-data-importer / cri-o / golang / moby-engine / prometheus / sriov-network-device-plugin installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41717 advisory. - An...
Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2024-27316)
The version of httpd / mod_http2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27316 advisory. - HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to genera...
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...