
21 matches found

IBM Security Bulletins
added 2026/05/27 5:11 a.m. | 12 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is...

CVSS 8.7 | AI score 7 | EPSS 0.00343
Exploits 6 | Affected Software 1

F5 Networks
added 2026/05/13 12:22 p.m. | 7 views

K000158979: BIG-IP HTTP/2 Layer 7 DoS Protection vulnerability CVE-2026-41227

Security Advisory Description On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel TMM process to terminate. CVE-2026-41227 Impact Traffic is disrupted while the TMM proce...

CVSS 8.7 | AI score 5.7 | EPSS 0.00098
Exploits 0 | Affected Software 30

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 7 : rh-nodejs14-nodejs-14.16.0-1.el7 (AXSA:2021-1590:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1590:02 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

CVSS 7.8 | AI score 7.7 | EPSS 0.89427
Exploits 1 | References 3

Tenable Nessus
added 2026/01/19 12:0 a.m. | 2 views

MiracleLinux 7 : rh-nginx114-nginx-1.14.1-1.1.0.1.el7.AXS7, rh-nginx114-1.14-6.el7 (AXSA:2021-1753:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1753:01 advisory. HTTP/2: large amount of data request leads to denial of service CVE-2019-9511 HTTP/2: flood using PRIORITY frames resulting in excessive resource...

CVSS 7.8 | AI score 7.5 | EPSS 0.13725
Exploits 0 | References 4

Tenable Nessus
added 2025/11/20 12:0 a.m. | 7 views

TencentOS Server 3: nodejs:16 (TSSA-2024:0107)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0107 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.5 | AI score 7.2 | EPSS 0.944
Exploits 19 | References 3

Mageia
added 2025/11/18 2:47 a.m. | 11 views

Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with mod_headers setting Content-Type header. CVE-2024-43204 mod_ssl error log variable escaping. CVE-2024-47252 mod_proxy_http2 denial of service. CVE-2025-49630 mod_ssl access control bypass with session resumption. CVE-2025-23048 mod_ssl TLS upgrade attac...

CVSS 9.1 | AI score 6.9 | EPSS 0.04674
Exploits 2 | References 10

Tenable Nessus
added 2025/10/06 12:0 a.m. | 4 views

RockyLinux 10 : tomcat9 (RLSA-2025:14178)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:14178 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125...

CVSS 7.5 | AI score 7.6 | EPSS 0.01278
Exploits 1 | References 15

Rockylinux
added 2025/10/04 12:11 a.m. | 6 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

CVSS 7.5 | AI score 7 | EPSS 0.01278
Exploits 1

RedHat Linux
added 2025/09/23 10:10 a.m. | 4 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.7 | AI score 7 | EPSS 0.00529
Exploits 0 | References 2

RedHat Linux
added 2025/09/23 10:9 a.m. | 6 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.7 | AI score 7 | EPSS 0.00529
Exploits 0 | References 2

Tenable Nessus
added 2025/09/23 12:0 a.m. | 3 views

RHEL 9 : Red Hat Product OCP Tools 4.18 Openshift Jenkins (RHSA-2025:16455)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16455 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...

CVSS 7.7 | AI score 7.1 | EPSS 0.00529
Exploits 0 | References 4

Tenable Nessus
added 2025/09/23 12:0 a.m. | 2 views

RHEL 8 : Red Hat Product OCP Tools 4.15 OpenShift Jenkins (RHSA-2025:16462)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16462 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...

CVSS 7.7 | AI score 7.1 | EPSS 0.00529
Exploits 0 | References 4

Rockylinux
added 2025/09/08 2:19 p.m. | 7 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

CVSS 7.5 | AI score 7 | EPSS 0.01278
Exploits 1

Apache Tomcat
added 2025/08/06 12:0 a.m. | 10 views

Fixed in Apache Tomcat 11.0.10

Important: DoS in HTTP/2 due to client triggered stream reset CVE-2025-48989 Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically manifested as an OutOfMemoryError. This was fixed with commit f362c8eb. This issue was reported to the ASF...

CVSS 7.5 | AI score 6.6 | EPSS 0.01022
Exploits 0 | Affected Software 1

OSV
added 2025/08/04 3:6 p.m. | 0 views

SUSE-SU-2025:02683-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. bsc#1246477 - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc#1246305 - CVE-2024-47252: Fixed insufficie...

CVSS 9.1 | AI score 7.1 | EPSS 0.04674
Exploits 2 | References 15

Amazon
added 2025/04/29 12:0 a.m. | 2 views

Medium: docker

Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: docker Note: This advisory is applicable to Amazon...

CVSS 7.5 | AI score 6.9 | EPSS 0.00098
Exploits 0

Amazon
added 2024/06/24 12:0 a.m. | 1 views

Important: containerd

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

CVSS 7.5 | AI score 6.2 | EPSS 0.04299
Exploits 0

Amazon
added 2023/11/15 12:0 a.m. | 2 views

Important: nerdctl

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Text nodes not in the HTML namespace are incorrectly literally rendered,...

CVSS 7.5 | AI score 6.2 | EPSS 0.0015
Exploits 0

Amazon
added 2023/10/17 12:0 a.m. | 1 views

Important: docker

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a G...

CVSS 9.8 | AI score 7.6 | EPSS 0.00759
Exploits 0

OSV
added 2023/10/10 2:15 p.m. | 1 views

AZL-31331 CVE-2023-44487 affecting package multus for versions less than 3.8-12

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 7.1 | EPSS 0.944
Exploits 19 | References 1