CentOS 9 : curl-7.76.1-31.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-31.el9 build changelog. - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allow...

Atlassian Jira Service Management Data Center and Server 5.4.x < 5.4.25 / 5.12.x < 5.12.12 / 5.15.x < 5.17.1 DoS (JSDSERVER-15504)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15504 advisory. - Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apac...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

ROS-20240826-20

Vulnerability in archive-zip package of Golang programming language is related to incorrect processing of zip files. zip files. Exploitation of the vulnerability could allow an attacker to create an arbitrary zip file Vulnerability of net/http and net/http2 libraries of Go programming language in...

ROS-20240826-01

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center and Server

This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 9.2.1, 9.5.0, 9.6.0, and 10.0.0-rc3 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go Vulnerability Details CVEID:CVE-2024-24785 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the MarshalJSON methods in the html/template package. By...

EulerOS Virtualization 2.11.1 : mod_http2 (EulerOS-SA-2024-2170)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413...

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2024-2215)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend...

EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2024-2164)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2232)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-2244)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-2220)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-2214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-2238)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2208)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : httpd (EulerOS-SA-2024-2168)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 respons...

Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2024-043)

The version of oci-add-hooks installed on the remote host is prior to 0-0.2.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-043 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...

Amazon Linux 2 : oci-add-hooks (ALASDOCKER-2024-042)

The version of oci-add-hooks installed on the remote host is prior to 0-0.2.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-042 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessi...

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...