4433 matches found
Oracle Linux 9 : .NET / 7.0 (ELSA-2023-5749)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5749 advisory. 7.0.112-1.0.1 - Update to .NET SDK 7.0.112 and Runtime 7.0.12 - Resolves: RHEL-11698 Tenable has extracted the preceding description block directly from the...
Oracle Linux 8 : dotnet6.0 (ELSA-2023-5710)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5710 advisory. 6.0.123-1.0.1 - Update to .NET SDK 6.0.123 and Runtime 6.0.23 - Resolves: RHEL-11696 Tenable has extracted the preceding description block directly from the...
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory: Description High SECURITY-3291 / CVE-2023-36478, CVE-2023-44487 HTTP/2 denial of service vulnerability in bundled Jetty...
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A AlmaLinux Security Bulletin which...
Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security...
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according t...
Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CV...
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...
Oracle Linux 9 : dotnet6.0 (ELSA-2023-5708)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5708 advisory. 6.0.123-1.0.1 - Update to .NET SDK 6.0.123 and Runtime 6.0.23 - Resolves: RHEL-11696 Tenable has extracted the preceding description block directly from the...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-5721)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5721 advisory. - Rebase to Go 1.19.13 CVE-2023-39325 CVE-2023-44487 go-toolset Tenable has extracted the preceding description block directly from the Oracle Linux...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-016)
The version of tomcat installed on the remote host is prior to 8.5.94-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-016 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update
Migration Toolkit for Runtimes 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: nodejs:16 security update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update
Migration Toolkit for Runtimes 1.2.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
github.com/kumahq/kuma affected by CVE-2023-44487
Impact Envoy and Go HTTP/2 protocol stack is vulnerable to the "Rapid Reset" class of exploits, which send a sequence of HEADERS frames optionally followed by RSTSTREAM frames. This can be exercised if you use the builtin gateway and receive untrusted http2 traffic. Patches...
Important: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available updates to RHBQ 2.13.8.SP3. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...