
4428 matches found

OpenVAS
added 2024/05/27 12:0 a.m. | 7 views

Fedora: Security Advisory (FEDORA-2024-f99ee6bf95)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 | References 2

OpenVAS
added 2024/05/27 12:0 a.m. | 21 views

Fedora: Security Advisory (FEDORA-2024-a00de83de9)

The remote host is missing an update for the...

CVSS 5.3 | AI score 6.4 | EPSS 0.24971
Exploits 1 | References 4

IBM Security Bulletins
added 2024/05/24 2:17 p.m. | 51 views

Security Bulletin: Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1

Summary Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing...

CVSS 8.6 | AI score 8.7 | EPSS 0.01962
Exploits 1 | Affected Software 1

RedHat Linux
added 2024/05/23 6:23 a.m. | 36 views

Important: Red Hat Security Advisory: tomcat security and bug fix update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 7 | EPSS 0.6439
Exploits 1 | References 3

RedHat Linux
added 2024/05/23 6:18 a.m. | 70 views

Important: Red Hat Security Advisory: tomcat security and bug fix update

An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 7 | EPSS 0.6439
Exploits 1 | References 3

Tenable Nessus
added 2024/05/23 12:0 a.m. | 43 views

RHEL 9 : tomcat (RHSA-2024:3307)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3307 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: Apache Tomcat: HTTP/2 heade...

CVSS 7.5 | AI score 7.8 | EPSS 0.6439
Exploits 1 | References 6

Tenable Nessus
added 2024/05/23 12:0 a.m. | 38 views

Apache Tomcat 8.5.0 < 8.5.58

The version of Tomcat installed on the remote host is prior to 8.5.58. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.58security-8 advisory. - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57...

CVSS 4.3 | AI score 6.9 | EPSS 0.12123
Exploits 0 | References 3

AlmaLinux
added 2024/05/23 12:0 a.m. | 40 views

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549); Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672). Bug Fixes and Enhancements: Rebase tomcat to...

CVSS 7.5 | AI score 6.7 | EPSS 0.6439
Exploits 1 | References 6

OSV
added 2024/05/23 12:0 a.m. | 35 views

ALSA-2024:3307 Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549); Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672). Bug Fixes and Enhancements: Rebase tomcat to...

CVSS 7.5 | AI score 7.5 | EPSS 0.6439
Exploits 1 | References 6

Oracle Linux
added 2024/05/23 12:0 a.m. | 89 views

tomcat security and bug fix update

1:9.0.87-1.el94.1 - Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 - Resolves: RHEL-31032 tomcat: : Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 - Resolves: RHEL-35328 ...

CVSS 7.5 | AI score 6.5 | EPSS 0.944
Exploits22

Tenable Nessus
added 2024/05/23 12:0 a.m. | 48 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M19 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.0.M19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.0.m19security-9 advisory. - In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connecto...

CVSS 9.8 | AI score 8 | EPSS 0.12669
Exploits 0 | References 7

Tenable Nessus
added 2024/05/23 12:0 a.m. | 22 views

RHEL 9 : tomcat (RHSA-2024:3308)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3308 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: Apache Tomcat: HTTP/2 heade...

CVSS 7.5 | AI score 7.8 | EPSS 0.6439
Exploits 1 | References 6

Tenable Nessus
added 2024/05/23 12:0 a.m. | 23 views

Apache Tomcat 8.5.0 < 8.5.38

The version of Tomcat installed on the remote host is prior to 8.5.38. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.38security-8 advisory. - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessi...

CVSS 7.5 | AI score 6.6 | EPSS 0.65581
Exploits 0 | References 15

Tenable Nessus
added 2024/05/23 12:0 a.m. | 58 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M13 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.0.m13security-9 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x befor...

CVSS 10 | AI score 7.3 | EPSS 0.93802
Exploits 7 | References 9

Tenable Nessus
added 2024/05/21 12:0 a.m. | 16 views

RHEL 8 : varnish:6 (RHSA-2024:2938)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2938 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...

CVSS 7.5 | AI score 7.3 | EPSS 0.00071
Exploits 0 | References 4

Tenable Nessus
added 2024/05/21 12:0 a.m. | 40 views

AlmaLinux 9 : nodejs (ALSA-2024:2910)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2910 advisory. - A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to...

CVSS 8.2 | AI score 7.3 | EPSS 0.75933
Exploits 2 | References 6

Tenable Nessus
added 2024/05/17 12:0 a.m. | 27 views

Oracle Linux 9 : nodejs:20 (ELSA-2024-2853)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2853 advisory. - Backport nghttp2 patch for CVE-2024-28182 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CVSS 8.2 | AI score 7 | EPSS 0.75933
Exploits 2 | References 6

Tenable Nessus
added 2024/05/17 12:0 a.m. | 41 views

EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2024-1684)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57...

CVSS 7.5 | AI score 7.2 | EPSS 0.02793
Exploits 1 | References 3

OpenVAS
added 2024/05/17 12:0 a.m. | 29 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1684)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 8.7 | EPSS 0.02793
Exploits 1 | References 2

Mageia
added 2024/05/16 5:29 p.m. | 73 views

Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities

Long Exception message leading to crash (CVE-2024-21011). HTTP/2 client improper reverse DNS lookup (CVE-2024-21012). Integer overflow in C1 compiler address generation (CVE-2024-21068). Pack200 excessive memory allocation (CVE-2024-21085). C2 compilation fails with "Exceeded noderegs array". CVE-2024-21...

CVSS 3.7 | AI score 7.5 | EPSS 0.00669
Exploits 0 | References 5