4428 matches found
SUSE-SU-2025:0282-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack bsc1216171 - CVE-2024-7347: Fixed worker crashes on specially crafted mp4 files containing invalid chunk information bsc1229155...
SUSE SLES15 Security Update : nginx (SUSE-SU-2025:0282-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0282-1 advisory. - CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack bsc1216171 - CVE-2024-7347: Fixed worker crashes on specially crafted mp4 files...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy Proxy Envoy denial of service vulnerability (CVE-2024-30255)
Summary Potential Envoy Proxy Envoy denial of service vulnerability CVE-2024-30255 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-30255 DESCRIPTION: Envoy Pro...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy Proxy Envoy denial of service vulnerability (CVEID: CVE-2024-27919)
Summary Potential Envoy Proxy Envoy denial of service vulnerability. CVEID: CVE-2024-27919 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27919 DESCRIPTION:...
Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores
Summary A potential denial of service vulnerability CVE-2024-399088 has been identified related to Ruby REXML that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: A...
CVE-2025-21549
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful...
PT-2025-4271 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server version 14.1.1.0.0 Description: The issue allows an unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks can result in the unauthorized ability to cause a hang...
openSUSE Security Advisory (SUSE-SU-2025:0033-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:0033-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0033-1 advisory. Update to Tomcat 10.1.34 - Fixed CVEs: - CVE-2024-54677: DoS in examples web application bsc1234664 - CVE-2024-50379:...
Cisco Products Uncontrolled Resource Consumption (CVE-2023-44487)
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...
PT-2025-28238
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.106 Description: A race condition exists due to concurrent execution using a shared resource with improper synchronization when using the APR/Native connector. This issue is particularly noticeable...
PT-2025-28240
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.8 Apache Tomcat versions 10.1.0-M1 through 10.1.42 Apache Tomcat versions 9.0.0.M1 through 9.0.106 Description: An uncontrolled resource consumption issue exists in Apache Tomcat when an HTTP/2...
SUSE-SU-2024:4436-1 Security update for grpc
This update for grpc fixes the following issues: - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821...
Security update for python-grpcio
This update for python-grpcio fixes the following issues: CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 Patch Instructions: To install this SUSE update use t...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.5 Security update (Important) (RHSA-2024:11560)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:11560 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
Information Leakage
io.undertow, undertow-core is vulnerable to Information Leakage. The vulnerability is due to the incorrect reuse of an HTTP request header value from a previous stream for a subsequent stream on the same HTTP/2 connection, allowing an attacker to potentially leak information between requests...
Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to a denial of service
Summary IBM Fusion HCI and IBM Fusion are affected by a vulnerability in the Kubernetes package k8s.io/Apimachinery. The HTTP/2 protocol allows for a denial of service. CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service,...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.20 Security update (Moderate) (RHSA-2024:10928)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10928 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Ha...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.20 Security update (Moderate) (RHSA-2024:10927)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10927 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Ha...
BIT-NODE-MIN-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...