4431 matches found
openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:2249-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2000-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for haproxy (openSUSE-SU-2019:2556-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2085-1)
The remote host is missing an update for the...
Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision
Summary Multiple vulnerabilities CVE-2019-9516, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-9511, CVE-2019-9513 in nginx Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The...
Security Bulletin: Multiple vulnerabilities in Netty affect IBM Transparent Cloud Tiering
Summary There are vulnerabilities in Netty used by IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-9514 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial o...
Oracle Linux 8 : container-tools:1.0 (ELSA-2019-4273)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4273 advisory. - rebuild because of CVE-2019-9512 and CVE-2019-9514 - rebuild because of CVE-2019-9512 and CVE-2019-9514 - rebuild because of CVE-2019-9512 and...
Oracle Linux 8 : container-tools:ol8 (ELSA-2019-4269)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4269 advisory. - Fix CVE-2019-10214 1734653. - rebuild to address CVE-2019-9514 and CVE-2019-9512 - backport patches for CVE-2019-16884 from upstream - rebuild becaus...
Security Bulletin: Multiple Vulnerabilities in Liberty affect IBM WIoTP MessageGateway
Summary There are multiple vulnerabilities in IBM WebSphere Liberty that affect IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream...
Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via HTTP/2.
Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and...
F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K81557381)
When the BIG-IP system is configured in HTTP/2 full proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM). CVE-2019-6673 Impact An attacker may be able to use a specifically crafted request to cause a disruption of service...
Security Bulletin: IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities
Summary IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of...
MGASA-2019-0407 Updated apache packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window close...
Updated apache packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window close...
CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...
Security Bulletin: Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local
Summary Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-5736 DESCRIPTION: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root...
Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
Summary There are multiple security vulnerabilities that affect the IBM WebSphere Application Server in the IBM Cloud. There is a file traversal vulnerability in the Admin Console of WebSphere Application Server. There is a path traversal vulnerability in the Admin Console of WebSphere Applicatio...
HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Security Bulletin: IBM MQ Certified Container is vulnerable to multiple vulnerabilities in Golang (CVE-2019-9512, CVE-2019-9514)
Summary Multiple vulnerabilities were found in the Golang package that is used by IBM MQ Certified Container. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual...