MiracleLinux 8 : grafana-7.5.15-5.el8.ML.1 (AXSA:2023-6522:08)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6522:08 advisory. grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are...

MiracleLinux 8 : tomcat-9.0.87-1.el8_10.1.ML.1 (AXSA:2024-8475:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8475:09 advisory. Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Bug Fixes:...

MiracleLinux 9 : java-17-openjdk-17.0.5.0.8-2.el9 (AXSA:2022-4116:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4116:10 advisory. OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509...

MiracleLinux 9 : conmon-2.1.7-1.el9 (AXSA:2023-5520:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5520:02 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 Tenable has extracted the preceding description block...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8389:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8389:01 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...

MiracleLinux 7 : firefox-91.3.0-1.0.1.el7.AXS7 (AXSA:2021-2530:32)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2530:32 advisory. Mozilla: Use-after-free in HTTP2 Session object Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Mozilla: iframe sandbox rules d...

MiracleLinux 9 : toolbox-0.0.99.3-9.el9 (AXSA:2023-5654:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5654:01 advisory. golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang: net/http: An attacker can cause excessive memory growth in a Go...

MiracleLinux 8 : java-17-openjdk-17.0.11.0.9-2.el8 (AXSA:2024-7705:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7705:07 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

MiracleLinux 9 : tomcat-9.0.62-11.el9.3 (AXSA:2023-6536:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6536:04 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

MiracleLinux 9 : containernetworking-plugins-1.3.0-4.el9 (AXSA:2023-6651:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6651:02 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.16 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System CVSS base score, which gives a detailed severity rating, ...

MGASA-2026-0009 Updated nodejs packages fix security vulnerabilities

Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. CVE-2025-59465 Uncatchable "Maximum call stack size exceeded" error on Node.js via asynchooks leads to process crashes bypassing error handlers. CVE-2025-59466 Bypass File System Permissions using crafted...

Updated nodejs packages fix security vulnerabilities

Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. CVE-2025-59465 Uncatchable "Maximum call stack size exceeded" error on Node.js via asynchooks leads to process crashes bypassing error handlers. CVE-2025-59466 Bypass File System Permissions using crafted...

MiracleLinux 4 : thunderbird-45.3.0-1.AXS4 (AXSA:2016-652:06)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-652:06 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security issues fixed with this release: CVE-2016-2836 Multiple unspecified vulnerabilities in...

MiracleLinux 4 : httpd24-httpd-2.4.25-9.AXS4 (AXSA:2017-1637:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1637:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2016-0736 RESERVED This...

OPENSUSE-SU-2026:20038-1 Security update for wget2

This update for wget2 fixes the following issues: Changes in wget2: - Update to release 2.2.1 Fix file overwrite issue with metalink CVE-2025-69194 bsc1255728 Fix remote buffer overflow in getlocalfilenamereal CVE-2025-69195 bsc1255729 Fix a redirect/mirror regression from 400713ca Use the local...

MiracleLinux 8 : httpd:2.4 (AXSA:2025-10834:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10834:01 advisory. httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible usi...

MiracleLinux 8 : nodejs:18 (AXSA:2025-9678:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9678:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable h...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.1.3 (RHSA-2026:0384)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0384 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...