CVE-2022-0618

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSHPROMISE frame where the frame contains padding information...

Security Bulletin: Due to the use of eclipse Jetty Rational Performance Tester is vulnerable to a denial of service

Summary Due to the use of Eclipse Jetty, Rational Performance Tester cotnains vulnerabilities around request processing CVE-2025-5115 Vulnerability Details CVEID:CVE-2025-5115 DESCRIPTION: In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigg...

PT-2026-28319

Name of the Vulnerable Software and Affected Versions Node.js versions 20.x through 25.x Description A flaw exists in the Node.js Permission Model's filesystem enforcement, specifically leaving the fs.realpathSync.native function without the necessary read permission checks. Comparable filesystem...

SUSE SLES15 / openSUSE 15 Security Update : netty (SUSE-SU-2025:4489-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4489-1 advisory. Update to upstream version 4.1.130. Security issues fixed: - CVE-2025-67735: lack of URI sanitization in HttpRequestEncoder allows for CRL...

SUSE-SU-2025:4489-1 Security update for netty

This update for netty fixes the following issues: Update to upstream version 4.1.130. Security issues fixed: - CVE-2025-67735: lack of URI sanitization in HttpRequestEncoder allows for CRLF injection through a request URI and can lead to request smuggling bsc1255048. Other updates and bugfixes: -...

RHEL 9 : mod_http2 (RHSA-2025:14983)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14983 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2:...

libsoup3 security update

An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libsoup is an HTTP library implementation in C. It was originally part of a...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2467)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 10 : libsoup3 (RHSA-2025:23139)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23139 advisory. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the...

nghttp2 security update

An update is available for nghttp2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client,...

Linux Distros Unpatched Vulnerability : CVE-2025-1948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZ...

[SECURITY] [DLA 4387-1] qtbase-opensource-src security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4387-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 29, 2025 https://wiki.debian.org/LTS -...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2440)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP13 : mod_http2 (EulerOS-SA-2025-2450)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

TencentOS Server 3: mod_http2 (TSSA-2022:0259)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0259 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2395)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM i is affected by BIND accepting records with untrusted data, predictable port and query ID, and resource exhaustions in Domain Name System due to multiple vulnerabilities.

Summary Domain Name System for IBM i is vulnerable to BIND accepting records with forged data CVE-2025-40778, prediction of port and ID due to weakness in pseudo random number generator CVE-2025-40780, various resource exhaustions when being flooded with valid or invalid HTTP/2 traffic...

Updated libsoup3 & libsoup packages fix security vulnerabilities

Libsoup: heap buffer over-read in skipinsignificantspace when sniffing content. CVE-2025-2784 Libsoup: denial of service attack to websocket server. CVE-2025-32049 Libsoup: integer overflow in appendparamquoted. CVE-2025-32050 Libsoup: segmentation fault when parsing malformed data uri...

CLSA-2025-1761747106 Fix CVE(s): CVE-2024-38477

SECURITY UPDATE: null pointer dereference in modproxy - debian/patches/CVE-2024-38477.patch: validate hostname in modules/proxy/proxyutil.c. Restart from the original URL on reconnect in modules/http2/modproxyhttp2.c. - CVE-2024-38477...

Fedora: Security Advisory (FEDORA-2025-494d9f64cb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...