Fixed in Apache Tomcat 11.0.0-M12
Important: Request smuggling CVE-2023-45648 Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. This was fixe...
KB5031354: Windows 11 version 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031354. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
KB5031358: Windows 11 version 21H2 Security Update (October 2023)
The remote Windows host is missing security update 5031358. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
KB5031364: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031364. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
Apache Tomcat 9.0.0.M1 < 9.0.81 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.81. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.81_security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, fro...
Amazon Linux AMI : containerd (ALAS-2023-1849)
The version of containerd installed on the remote host is prior to 1.4.13-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1849 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the...
Amazon Linux AMI : golang (ALAS-2023-1848)
The version of golang installed on the remote host is prior to 1.20.8-1.47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1848 advisory. 2024-01-03: CVE-2023-24537 was added to this advisory. 2024-01-03: CVE-2023-29400 was added to this advisory. 2024-01-03...
Important: golang
Issue Overview: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the...
openSUSE 15: golang-github-QubitProducts-exporter_exporter / etc (SUSE-SU-2023:3868-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3868-1 advisory. golang-github-lusitaniae-apache_exporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501) CVE-2022-41723: Fix...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-011)
The version of tomcat installed on the remote host is prior to 8.5.58-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-011 advisory. If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-006)
The version of haproxy2 installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-006 advisory. In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write...
Security Bulletin: Due to the use of Golang Go, IBM Workload Scheduler is vulnerable to a denial of service.
Summary: Golang Go is used by IBM Workload Scheduler. CVE-2022-41717 Vulnerability Details CVEID: CVE-2022-41717 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in the Go server. By sending specially-crafted keys, a remote attacker could...
Oracle Linux 9 : istio (ELSA-2023-12771)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12771 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 -...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update
Red Hat OpenShift Service Mesh 2.2.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
Oracle Linux 8 : olcne (ELSA-2023-12772)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12772 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 -...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2023-339)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-339 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The descriptive text and package checks ...
Oracle Linux 7 : istio (ELSA-2023-12781)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12781 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. olcne - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 Tenable has...
Oracle Linux 8 : istio (ELSA-2023-12780)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12780 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. olcne - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 Tenable has...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2023-337)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-337 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...
Amazon Linux 2023 : cni-plugins (ALAS2023-2023-338)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-338 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...