1391 matches found
Important: qt5-qtbase
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Important: qt5-qtlocation
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Important: qt5-qtxmlpatterns
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Important: qt5-qtquickcontrols
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Amazon Linux 2 : qt5 (ALAS-2024-2675)
The version of qt5 installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2675 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x...
Amazon Linux 2 : qt5-qtcanvas3d (ALAS-2024-2664)
The version of qt5-qtcanvas3d installed on the remote host is prior to 5.12.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2664 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x throu...
Amazon Linux 2 : qt5-qttools (ALAS-2024-2677)
The version of qt5-qttools installed on the remote host is prior to 5.15.3-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2677 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through...
Amazon Linux 2 : qt5-qtsvg (ALAS-2024-2663)
The version of qt5-qtsvg installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2663 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through...
Important: qt5-qtscript
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Important: qt5-qtwebchannel
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Important: qt5
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Amazon Linux 2 : qt5-qtsensors (ALAS-2024-2666)
The version of qt5-qtsensors installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2666 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x throug...
ALSA-2024:8680 Low: mod_http2 security update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Low: mod_http2 security update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
CVE-2024-41988
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...
CVE-2024-41988 Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...
CVE-2024-41988
CVE-2024-41988 affects TEM Opera Plus FM Family Transmitter (affected version: 35.45). An unprotected endpoint allows MPFS File System binary image upload without authentication, affecting the HTTP2 web server module and SNMP module (and shared storage access). This can be exploited to overwrite ...
Medium: amazon-ssm-agent
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
OESA-2024-2175 nodejs security update
Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to t...
PT-2024-5937
Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.9.x through 2.9.9 HAProxy versions 3.0.x through 3.0.3 HAProxy versions 3.1.x through 3.1-dev6 Description: The issue is related to a remote denial of service vulnerability in HAProxy, which can be exploited under certain...