Moderate: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: RHACS 4.1 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security RHACS. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
Important: Red Hat Security Advisory: httpd24-nghttp2 security update
Updated 20 October 2023: We have rectified an erroneous typographical error in this erratum documentation. The documentation present in this erratum has incorrect package name mentioned that was misleading. No changes have been made to the package. An update for httpd24-nghttp2 is now available fo...
Important: Red Hat Security Advisory: rh-nodejs14 security update
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-5721)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5721 advisory. - Rebase to Go 1.19.13 CVE-2023-39325 CVE-2023-44487 go-toolset Tenable has extracted the preceding description block directly from the Oracle Linux...
FreeBSD : jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty (1ee26d45-6ddb-11ee-9898-00e081b7aa2d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ee26d45-6ddb-11ee-9898-00e081b7aa2d advisory. - Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.1...
RHEL 9 : nodejs:18 (RHSA-2023:5849)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5849 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Amazon Linux 2 : nginx (ALASNGINX1-2023-006)
The version of nginx installed on the remote host is prior to 1.22.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2023-006 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...
RHEL 7 : rhc-worker-script (RHSA-2023:5835)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5835 advisory. The rhc-worker-script packages provide Remote Host Configuration rhc worker for executing an interpreted programming language script on host...
Oracle Linux 9 : .NET / 7.0 (ELSA-2023-5749)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5749 advisory. 7.0.112-1.0.1 - Update to .NET SDK 7.0.112 and Runtime 7.0.12 - Resolves: RHEL-11698 Tenable has extracted the preceding description block directly from the...
Jenkins LTS < 2.414.3 / Jenkins weekly < 2.428 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.414.3 or Jenkins weekly prior to 2.428. It is, therefore, affected by multiple vulnerabilities: - Eclipse Jetty provides a web server and servlet container. In...
Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CV...
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according t...
ALSA-2023:5838 Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CV...
Oracle Linux 9 : dotnet6.0 (ELSA-2023-5708)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5708 advisory. 6.0.123-1.0.1 - Update to .NET SDK 6.0.123 and Runtime 6.0.23 - Resolves: RHEL-11696 Tenable has extracted the preceding description block directly from the...
Important: nghttp2 security update
nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more...