[SECURITY] Fedora 42 Update: rrdtool-1.9.0-8.fc42

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...

BIT-NODE-MIN-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVE-2024-36462

Technical details about CVE-2024-36462 are not publicly provided in the connected documents. The sources describe generic uncontrolled resource consumption and DoS impact; no affected product/version or patch info is specified. Monitor for updates.

RHEL 9 : nodejs (RHSA-2024:1678)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1678 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...

AlmaLinux 9 : nodejs (ALSA-2024:1438)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1438 advisory. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and...

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2024:0732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0732-1 advisory. - A vulnerability in the privateDecrypt API of the crypto library, allowed a covert timing side-channel during PKCS1 v1.5 padding...

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVE-2024-1185

A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclos...

Design/Logic Flaw

A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclos...

CVE-2024-1185

CVE-2024-1185 affects Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0, specifically the Registration Handler. The issue allows a locally approached denial of service due to a vulnerability in that component. Public exploit information is indicated, and the vendor reportedly did not respond to...

Nsasoft NBMonitor Network Bandwidth Monitor Security Vulnerability

Nsasoft NBMonitor Network Bandwidth Monitor is a network bandwidth monitor from Nsasoft, USA. A security vulnerability exists in Nsasoft NBMonitor Network Bandwidth Monitor version 1.6.5.0, which originates from the component Registration Handler that can cause a denial of service...

Ubuntu 23.04 / 23.10 : Puma vulnerability (USN-6597-1)

The remote Ubuntu 23.04 / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6597-1 advisory. It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to...

CVE-2024-21647

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an...

Node.js: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A vulnerability in Node.js HTTP servers was discovered that allowed denial of service DoS attacks. By sending specially crafted HTTP requests with chunked encoding, an attacker could cause resource exhaustion on the server. The lack of limitations on chunk extension bytes enabled the server to re...

HTTP/2 Stream Cancellation Attack

HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RSTSTREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The clie...