Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163.

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous,...

container-tools:4.0 security and bug fix update

An update is available for module.crun, fuse-overlayfs, module.slirp4netns, python-podman, module.runc, container-selinux, module.podman, module.udica, module.fuse-overlayfs, cockpit-podman, module.conmon, containers-common, libslirp, criu, module.containers-common, crun, module.libslirp,...

Ubuntu: Security Advisory (USN-7892-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7892-1 h2o vulnerability

It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to crash, resulting in a denial of service...

TencentOS Server 3: container-tools (TSSA-2023:0111)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0111 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: nodejs (TSSA-2025:0324)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0324 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 3: nodejs:16 (TSSA-2024:0107)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0107 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-55163 was introduced in 9.12.1, 9.12.2, 9.12.3, 9.12.4, 9.12.5, 9.12.6, 9.12.7, 9.12.8, 9.12.9, 9.12.10, 9.12.11, 9.12.12, 9.12.13, 9.12.14, 9.12.15, 9.12.16, 9.12.17, 9.12.18, 9.12.19, 9.12.22, 9.12.23, 9.12.24, 9.12.25,...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2023-35945)

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWA...

EulerOS 2.0 SP12 : mod_http2 (EulerOS-SA-2025-2366)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 ( CVE-2025-36047)

Summary WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 CVE-2025-36047 Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a...

Astra Linux – Vulnerability in Node.js

A memory leak could occur when a remote peer abruptly closes the socket without sending a “GOAWAY” notification. Additionally, if an invalid header is detected by nghttp2, causing the connection to be terminated by the peer, the same memory leak will be triggered. This flaw could lead to increase...

Astra Linux – Vulnerability in Apache2

In certain proxy configurations, a denial-of-service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can occur when untrusted clients trigger an assertion in modproxyhttp2. The configurations affected include reverse proxies configured for HTTP/2 backends, where ProxyPreserveHost...

Astra Linux - уязвимость в haproxy

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...

SUSE CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105 Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

PT-2025-43435

Name of the Vulnerable Software and Affected Versions libsoup versions prior to 3.6.5-1ubuntu0.3 Description The libsoup library contains a flaw in its asynchronous message queue handling, specifically when managing HTTP/2 communications. When network operations are aborted at certain times, an...

Oracle WebLogic Server (October 2025 CPU)

The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized...