RHEL 7 : rh-nginx114-nginx (RHSA-2018:3681)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3681 advisory. - nginx: Excessive memory consumption via flaw in HTTP/2 implementation CVE-2018-16843 - nginx: Excessive CPU usage via flaw in HTTP/2...

RHEL 7 : rh-nginx112-nginx (RHSA-2018:3680)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3680 advisory. - nginx: Excessive memory consumption via flaw in HTTP/2 implementation CVE-2018-16843 - nginx: Excessive CPU usage via flaw in HTTP/2...

CentOS 7 : thunderbird (RHSA-2024:1935)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1935 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

RHEL 8 / 9 : OpenShift Container Platform 4.14.22 (RHSA-2024:1897)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1897 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

USN-6754-1 nghttp2 vulnerabilities

It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2019-9511, CVE-2019-9513 It was...

USN-6754-1: nghttp2 vulnerabilities

It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2019-9511, CVE-2019-9513 It was...

ROS-20240425-01

Vulnerability of Apache HTTP Server web server in the part of HTTP/2 protocol implementation is related to uncontrolled resource consumption due to incorrect header termination detection during CONTINUATION frame processing. CONTINUATION frames. Exploitation of the vulnerability could allow an...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : nghttp2 vulnerabilities (USN-6754-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6754-1 advisory. It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibl...

RHEL 8 : thunderbird (RHSA-2024:1936)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1936 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...

RHEL 7 : thunderbird (RHSA-2024:1935)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1935 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...

RHEL 8 : thunderbird (RHSA-2024:1937)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1937 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...

ROS-20240425-03

Vulnerability in the node::http2::Http2Session::Http2Session HTTP/2-server function of the software platform Node.js is related to uncontrolled resource consumption as a result of incorrect definition of the end of the header when processing CONTINUATION frames. Exploitation of the vulnerability...

USN-6747-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-3852, CVE-2024-3864,...

Oracle Linux 9 : golang (ELSA-2024-1963)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1963 advisory. - Fix CVE-2023-45288 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-1962)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1962 advisory. - Fix CVE-2024-1394 - Fix CVE-2023-45288 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

RHEL 8 : thunderbird (RHSA-2024:1982)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1982 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.10.0. Security Fixes: Mozilla...

Oracle Linux 9 : owO: / thunderbird (ELSA-2024-1940)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1940 advisory. 115.10.0-2.0.1 - Add Oracle prefs - Add OpenELA debranding 115.10.0-2 - Update to 115.10.0 build2 115.10.0-1 - Update to 115.10.0 build1 - Revert expat...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server Liberty is...

How HTTP/2 Persistent Connections Help Improve Performance and User Experience

...

Low: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update ...