Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1738)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1738 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-3165...

FreeBSD : Apache Tomcat -- Multiple Vulnerabilities (ef87346f-5dd0-11f0-beb2-ac5afc632ba3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ef87346f-5dd0-11f0-beb2-ac5afc632ba3 advisory. [email protected] reports: A race condition on connection close could trigger a JVM crash wh...

Alibaba Cloud Linux 3 : 0091: git-lfs (ALINUX3-SA-2024:0091)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0091 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-45288: An attacker may cause an...

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:0033-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0033-1 advisory. Update to Tomcat 10.1.34 - Fixed CVEs: - CVE-2024-54677: DoS in examples web application bsc1234664 - CVE-2024-50379:...

Apache Tomcat 11.0.0-M1 < 11.0.0 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...

MGASA-2019-0407 Updated apache packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window close...

MGASA-2019-0342 Updated nginx packages fix security vulnerabilities

Updated nginx packages fix security vulnerabilities: When using HTTP/2 a client might cause excessive memory consumption and CPU usage CVE-2019-9511, CVE-2019-9513, CVE-2019-9516...

OPENSUSE-SU-2019:2051-1 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering bsc1145575. - CVE-2019-10081: Fixed modhttp2 that is vulnerable to memory corruption on early pushes bsc1145742. -...

SUSE-SU-2019:2260-1 Security update for nodejs8

This update for nodejs8 to version 8.16.1 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. - CVE-2019-9512...

SUSE-SU-2019:2237-1 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering bsc1145575. - CVE-2019-10081: Fixed modhttp2 that is vulnerable to memory corruption on early pushes bsc1145742. -...

OPENSUSE-SU-2019:0195-1 Security update for nginx

This update for nginx fixes the following issues: nginx was updated to 1.14.2: - Bugfix: nginx could not be built on Fedora 28 Linux. - Bugfix: in handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. - Change: the logging level of the 'http request',...