4433 matches found
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2023-031)
The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-031 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2023-030)
The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2023-030 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly conside...
CVE-2023-45802
A flaw was found in modhttp2. When a HTTP/2 stream is reset RST frame by a client, there is a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connectio...
[slackware-security] httpd
New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.58-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: moderate: Apache HTTP Server...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.4 release and security update
Red Hat AMQ Broker 7.10.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
USN-6438-1: .NET vulnerabilities
Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. CVE-2023-36799 It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly...
USN-6427-2: .NET vulnerability
USN-6427-1 fixed a vulnerability in .NET. This update provides the corresponding update for .NET 8. Original advisory details: It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service...
Important: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: Red Hat Security Advisory: varnish security update
An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Amazon Linux AMI : tomcat8 (ALAS-2023-1868)
The version of tomcat8 installed on the remote host is prior to 8.5.94-1.95. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1868 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from...
Amazon Linux AMI : nginx (ALAS-2023-1870)
The version of nginx installed on the remote host is prior to 1.18.0-1.45. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1870 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...
AlmaLinux 8 : nodejs:16 (ALSA-2023:5850)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5850 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description block...
AlmaLinux 8 : nodejs:18 (ALSA-2023:5869)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5869 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A AlmaLinux Security Bulletin which addresse...
RHEL 8 : grafana (RHSA-2023:5863)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5863 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golan...
RHEL 8 : nodejs:18 (RHSA-2023:5869)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5869 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2023-390)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-390 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Ubuntu 23.10 : .NET vulnerability (USN-6427-2)
The remote Ubuntu 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6427-2 advisory. USN-6427-1 fixed a vulnerability in .NET. This update provides the corresponding update for .NET 8. Tenable has extracted the preceding description block directly fro...
ALSA-2023:5924 Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...