EulerOS Virtualization 2.9.1 : nghttp2 (EulerOS-SA-2024-1045)
According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping...
EulerOS 2.0 SP9 : nghttp2 (EulerOS-SA-2023-3346)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2023-3254)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.5)
The version of AOS installed on the remote host is prior to 6.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.5 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1082)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester
Summary: There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-36478. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow a...
Oracle Linux 9 : conmon (ELSA-2023-13053)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13053 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the tota...
Oracle Linux 8 : conmon (ELSA-2023-13054)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13054 advisory. - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 - Resolve CVE-2023-44487 and CVE-2023-39325 - address CVE-2023-44487 and...
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2023-3346)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js
Summary: Vulnerabilities in Node.js, such as allowing a remote attacker to bypass security restrictions or cause a denial of service, may affect IBM Spectrum Control. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-39333. DESCRIPTION: Node.js could allow a remote attacker to gain...
Oracle Linux 8 : conmon (ELSA-2023-13028)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13028 advisory. - Resolve CVE-2023-39325 - Resolve CVE-2023-39325 cri-tools - Resolve CVE-2023-39325 etcd - Resolve CVE-2023-44487 and CVE-2023-39325 helm - address...
Security Bulletin: Vulnerability in Go related packages affects IBM CICS TX Standard 11.1 (CVE-2023-44487).
Summary: A vulnerability in Go-related packages affects IBM CICS TX Standard 11.1 (CVE-2023-44487). IBM CICS TX Standard 11.1 has addressed the applicable issue. Vulnerability Details: CVEID: CVE-2023-44487. DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling...
RHEL 8 : Red Hat Single Sign-On 7.6.6 security update on RHEL 8 (Important) (RHSA-2023:7483)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7483 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 9 : Red Hat Single Sign-On 7.6.6 security update on RHEL 9 (Important) (RHSA-2023:7484)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7484 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
Cisco Prime Infrastructure DoS (cisco-sa-http2-reset-d8Kf32vZ)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.4. It is, therefore, affected by a denial of service (DoS) vulnerability, due to an HTTP/2 protocol-level weakness. The HTTP/2 protocol allows a denial of service (server resource consumption) because request...
Atlassian Confluence 7.19.x < 7.19.16 / 8.3.x < 8.5.3 / 8.6.x < 8.6.1 (CONFSERVER-93163)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93163 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploit...
DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Vulnerability in Crowd Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.2.0, 5.1.5, 5.0.7, 4.4.5, and other older versions of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty.
Summary: IBM Sterling Connect:Direct Browser User Interface uses Jetty server. Vulnerability Details: CVEID: CVE-2023-36478. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafte...
SUSE SLES15 Security Update : nghttp2 (SUSE-SU-2023:4492-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4492-1 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...
Debian: Security Advisory (DSA-5558-1)
The remote host is missing an update for the Debian...