RHEL 7 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd: modproxy: X-Forwarded-For dropped by hop-by-hop mechanism CVE-2022-31813 - Apache HTTP Server...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

RLSA-2024:1940 Low: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3302 For more details about the security issues, including the impact, a CVSS score,...

RLSA-2024:1691 Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/2 Broken Window Attack may result in denial of service...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1585)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHCOS 4 : OpenShift Container Platform 4.14.24 (RHSA-2024:2672)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2672 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 - buildah: full container escape ...

Oracle Linux 8 : nodejs:18 (ELSA-2024-2780)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2780 advisory. nodejs 1:18.20.2-1 - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 nodejs-nodemon...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1563)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rocky Linux 9 : nodejs:18 (RLSA-2024:2779)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2779 advisory. - A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function ...

Rocky Linux 8 : nodejs:20 (RLSA-2024:2778)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2778 advisory. - A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function ...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

AlmaLinux 8 : git-lfs (ALSA-2024:2699)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:2699 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state...

AlmaLinux 8 : nodejs:20 (ALSA-2024:2778)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2778 advisory. c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to retrieve...

RHEL 9 : Red Hat build of MicroShift 4.15.12 (RHSA-2024:2667)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2667 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the ed...

AlmaLinux 9 : git-lfs (ALSA-2024:2724)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:2724 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPA...

RHEL 8 : nodejs:20 (RHSA-2024:2778)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2778 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 9 : Red Hat build of MicroShift 4.14.24 (RHSA-2024:2671)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2671 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the ed...

Rocky Linux 8 : git-lfs (RLSA-2024:2699)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2699 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK stat...

RHEL 8 : nodejs:18 (RHSA-2024:2780)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2780 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...