
1391 matches found

OSV
added 2024/09/03 2:36 p.m. | 27 views

SUSE-SU-2024:3097-1 Security update for kubernetes1.28

This update for kubernetes1.28 fixes the following issues: Update kubernetes to version 1.28.13: - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. Th...

CVSS 7.5 | AI score 8.2 | EPSS 0.94395 | Exploits 20 | References 8
Redos
added 2024/08/28 12:0 a.m. | 13 views

ROS-20240827-11

Vulnerability in the HTTP2 Stream Handler component of Apache Tomcat application server is related to insufficient exceptional state handling. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5 | AI score 6.5 | EPSS 0.21539 | Exploits 0
Tenable Nessus
added 2024/08/19 12:0 a.m. | 23 views

CBL Mariner 2.0 Security Update: qt5-qtbase (CVE-2024-39936)

The version of qt5-qtbase installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39936 advisory. - An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before...

CVSS 8.6 | AI score 7.9 | EPSS 0.00205 | Exploits 0 | References 2
OSV
added 2024/08/16 11:9 a.m. | 12 views

SUSE-SU-2024:2946-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-37369: Fixed a buffer overflow in QXmlStreamReader (QTBUG-91889, bsc#1214327). - CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms due to anomalous behavior from the X server (bsc#1222120) -...

CVSS 9.8 | AI score 7.2 | EPSS 0.00261 | Exploits 1 | References 10
OSV
added 2024/08/13 9:38 a.m. | 12 views

SUSE-SU-2024:2890-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-51714: Fixed an incorrect integer overflow check (bsc#1218413). - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted can be responded to (bsc#1227426) - CVE-2023-45935: Fixed NULL pointer...

CVSS 9.8 | AI score 6.8 | EPSS 0.00205 | Exploits 0 | References 8
F5 Networks
added 2024/08/13 7:8 a.m. | 30 views

K000140696: Qt vulnerability CVE-2023-51714

Security Advisory Description: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. (CVE-2023-51714) Impact: There is no...

CVSS 9.8 | AI score 8.6 | EPSS 0.00139 | Exploits 0
Tenable Nessus
added 2024/08/13 12:0 a.m. | 33 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qt6-base (SUSE-SU-2024:2873-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2873-1 advisory. - CVE-2024-33861: Fixed an invalid pointer being passed as a callback which could lead to...

CVSS 8.6 | AI score 7.9 | EPSS 0.00205 | Exploits 0 | References 10
Tenable Nessus
added 2024/08/13 12:0 a.m. | 19 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qt6-base (SUSE-SU-2024:2875-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2875-1 advisory. - CVE-2024-33861: Fixed an invalid pointer being passed as a callback which could lead to...

CVSS 8.6 | AI score 7.9 | EPSS 0.00205 | Exploits 0 | References 7
Tenable Nessus
added 2024/08/13 12:0 a.m. | 21 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libqt5-qtbase (SUSE-SU-2024:2882-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2882-1 advisory. - CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms due to...

CVSS 8.6 | AI score 7.9 | EPSS 0.00205 | Exploits 0 | References 7
OSV
added 2024/08/12 3:41 p.m. | 18 views

SUSE-SU-2024:2883-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms due to anomalous behavior from the X server (bsc#1222120) - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted c...

CVSS 8.6 | AI score 6.5 | EPSS 0.00205 | Exploits 0 | References 5
OSV
added 2024/08/12 3:40 p.m. | 10 views

SUSE-SU-2024:2882-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms due to anomalous behavior from the X server (bsc#1222120) - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted c...

CVSS 8.6 | AI score 6.5 | EPSS 0.00205 | Exploits 0 | References 5
OSV
added 2024/08/12 8:4 a.m. | 12 views

SUSE-SU-2024:2875-1 Security update for qt6-base

This update for qt6-base fixes the following issues: - CVE-2024-33861: Fixed an invalid pointer being passed as a callback which could lead to modification of the stack (bsc#1223917) - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted can be responded to...

CVSS 8.6 | AI score 7.1 | EPSS 0.00205 | Exploits 0 | References 5
OSV
added 2024/08/06 11:16 a.m. | 2 views

UBUNTU-CVE-2024-7246

It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values. This occurs because the...

CVSS 6.3 | AI score 6.8 | EPSS 0.00038 | Exploits 1 | References 3
OpenVAS
added 2024/08/06 12:0 a.m. | 11 views

Fedora: Security Advisory (FEDORA-2024-cb8acbf644)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.4 | AI score 9.6 | EPSS 0.00187 | Exploits 0 | References 3
OpenVAS
added 2024/08/06 12:0 a.m. | 15 views

Fedora: Security Advisory (FEDORA-2024-661bb6322d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.4 | AI score 9.6 | EPSS 0.00187 | Exploits 0 | References 3
Amazon
added 2024/08/06 12:0 a.m. | 3 views

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 9.8 | AI score 6.8 | EPSS 0.64852 | Exploits 1
Redos
added 2024/08/06 12:0 a.m. | 17 views

ROS-20240806-10

A vulnerability in the HTTP2 handler component of the Apache HTTP Server web server is related to the ability to generate a stream of requests within an established network connection, without...

CVSS 5.9 | AI score 6.8 | EPSS 0.02793 | Exploits 1
RedHat Linux
added 2024/07/31 10:23 a.m. | 16 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 7.1 | EPSS 0.64852 | Exploits 1 | References 2
RedHat Linux
added 2024/07/31 10:20 a.m. | 21 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVSS 7.5 | AI score 7.1 | EPSS 0.64852 | Exploits 1 | References 2
Fedora
added 2024/07/27 1:48 p.m. | 19 views

[SECURITY] Fedora 39 Update: mod_http2-2.0.29-1.fc39

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...

CVSS 5.4 | AI score 7 | EPSS 0.00187 | Exploits 0