AZL-40012 CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

AZL-40001 CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

OESA-2024-1335 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723...

ROS-20240329-10

Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...

SUSE CVE-2024-30156

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack...

Varnish Cache 安全漏洞

Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Cache versions prior to 7.3.2 and 7.4.x prior to 7.4.3 and Varnish Enterprise versions prior to 6.0.12r6, which stems from a credit exhaustion that allows HTTP/2 connections to control the flow...

SUSE-SU-2024:0817-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: - CVE-2024-22201: Fixed denial-of-service via HTTP/2 connection leak bsc1220437...

Fedora 39 : suricata (2024-bd4eed8466)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd4eed8466 advisory. This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837, CVE-2024-23839, CVE-2024-24568. Tenable has extracted the preceding description...

Fedora 39 : golang-github-tdewolff-argp / golang-github-tdewolff-minify / etc (2024-c3e32c5635)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-c3e32c5635 advisory. Update to latest version Security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...

BIT-ENVOY-2021-29258

An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion...

BIT-GOLANG-2023-39325 HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

PT-2024-2621

Name of the Vulnerable Software and Affected Versions net/http and net/http2 in Go affected versions not specified Description An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires...

Improper Access Control

Suricata is vulnerable to Improper Access Control. The vulnerability is due to the way rules inspecting HTTP2 headers are implemented. An attacker can bypass these rules by splitting header frames...

openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:0419-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.0 packages and security update

Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

Security Bulletin: Netty-codec-http2 is vulnerable to CVE-2023-44487 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http2 which is vulnerable to CVE-2023-44487. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of...

RHEL 8 / 9 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

biz.netcentric.cq.tools.accesscontroltool:sling-maximum-version-environment (>=4.2.0 <=4.2.1), com.atlan:package-toolkit-testing (>=5.3.1 <=7.2.3) +975 more potentially affected by CVE-2024-22201 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.5)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =4.2.0, =5.3.1, =2.6.0, =2.0.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.230 and more Source cves: CVE-2024-22201 Source advisory: OSV:GHSA-RGGV-CV7R-MW98...

CVE-2024-24568

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3...

CVE-2024-24568

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3...