42 matches found
Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2023-35945)
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWA...
NewStart CGSL MAIN 7.02 : nghttp2 Multiple Vulnerabilities (NS-SA-2025-0134)
The remote NewStart CGSL host, running version MAIN 7.02, has nghttp2 packages installed that are affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...
TencentOS Server 4: nghttp2 (TSSA-2024:0929)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0929 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Azure Linux 3.0 Security Update: cmake / nghttp2 / nodejs / nodejs18 (CVE-2023-35945)
The version of cmake / nghttp2 / nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-35945 advisory. - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's...
openSUSE: Security Advisory for nghttp2 (SUSE-SU-2023:3997-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : nghttp2 (EulerOS-SA-2023-3189)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2023-3038)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...
EulerOS 2.0 SP10 : nghttp2 (EulerOS-SA-2023-3224)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2023-3015)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...
EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2023-3478)
According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping...
EulerOS Virtualization 2.9.1 : nghttp2 (EulerOS-SA-2024-1045)
According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping...
EulerOS Virtualization 2.9.0 : nghttp2 (EulerOS-SA-2024-1019)
According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping...
EulerOS 2.0 SP9 : nghttp2 (EulerOS-SA-2023-3314)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2023-3506)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2023-3478)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2023-3314)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2023-3015)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:4102-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: libnghttp2-14 / libnghttp2-14-32bit / libnghttp2-devel / etc (SUSE-SU-2023:4102-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4102-1 advisory. - CVE-2023-35945: Fixed memory leak when PUSHPROMISE or HEADERS frame cannot be sent bsc1215713. Tenable has extracted the preceding...
SUSE-SU-2023:4102-1 Security update for nghttp2
This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSHPROMISE or HEADERS frame cannot be sent bsc1215713...