4428 matches found
RHEL 8 / 9 : OpenShift Container Platform 4.14.22 (RHSA-2024:1897)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1897 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
USN-6754-1 nghttp2 vulnerabilities
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2019-9511, CVE-2019-9513 It was...
ROS-20240425-01
A vulnerability in the HTTP/2 protocol implementation of the Apache HTTP Server is related to uncontrolled resource consumption due to incorrect header termination detection during CONTINUATION frame processing. Exploitation of the vulnerability could allow an...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : nghttp2 vulnerabilities (USN-6754-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6754-1 advisory. It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibl...
RHEL 7 : thunderbird (RHSA-2024:1935)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1935 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...
RHEL 8 : thunderbird (RHSA-2024:1936)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1936 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...
ROS-20240425-03
A vulnerability in the node::http2::Http2Session::Http2Session function of the Node.js HTTP/2 server is related to uncontrolled resource consumption resulting from incorrect detection of the end of the headers when processing CONTINUATION frames. Exploitation of the vulnerability...
RHEL 8 : thunderbird (RHSA-2024:1937)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1937 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...
USN-6747-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-3852, CVE-2024-3864,...
Oracle Linux 9 : golang (ELSA-2024-1963)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1963 advisory. - Fix CVE-2023-45288 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-1962)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1962 advisory. - Fix CVE-2024-1394 - Fix CVE-2023-45288 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
RHEL 8 : thunderbird (RHSA-2024:1982)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1982 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...
Oracle Linux 9 : thunderbird (ELSA-2024-1940)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1940 advisory. 115.10.0-2.0.1 - Add Oracle prefs - Add OpenELA debranding 115.10.0-2 - Update to 115.10.0 build2 115.10.0-1 - Update to 115.10.0 build1 - Revert expat...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server Liberty is...
How HTTP/2 Persistent Connections Help Improve Performance and User Experience
...
Low: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update ...
Oracle Linux 8 : thunderbird (ELSA-2024-1939)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1939 advisory. 115.10.0-2.0.1 - Add Oracle prefs 115.10.0 - Add OpenELA debranding 115.10.0-2 - Update to 115.10.0 build2 115.10.0-1 - Update to 115.10.0 build1 - Revert expat...
RHEL 8 / 9 : java-11-openjdk (RHSA-2024:1822)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1822 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security...
ROS-20240423-06
A vulnerability in the Envoy proxy arises because regular expressions are compiled for each request, which can lead to high CPU utilization and increased request latency. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The Envoy proxy...