Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2189)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2164)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.0 : curl (EulerOS-SA-2024-2189)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

curl: HTTP/2 push headers memory-leak

A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-2134)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

curl security update

7.76.1-29.el94.1 - provide common cleanup method for push headers CVE-2024-2398...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-2114)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

PT-2024-7656 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.07.1 Description: The issue is related to a reflected Cross Site Scripting XSS vulnerability on the agentPushPreset page. This vulnerability exists due to inadequate protection of the web page...

undertow: LearningPushHandler can lead to remote memory DoS attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

undertow: LearningPushHandler can lead to remote memory DoS attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

undertow: LearningPushHandler can lead to remote memory DoS attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

undertow: LearningPushHandler can lead to remote memory DoS attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

Gorush 安全漏洞

Gorush is a push notification server written in Go by Bo-Yi Wu, an individual developer. A security vulnerability exists in Gorush v1.18.4, which stems from the use of a deprecated version of TLS in the RunHTTPServer function. An attacker can use this vulnerability to intercept and manipulate dat...

CBL Mariner 2.0 Security Update: cmake / curl / mysql (CVE-2024-2398)

The version of cmake / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2398 advisory. - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of...

CVE-2024-2398

...

macOS 13.x < 13.6.8 Multiple Vulnerabilities (HT214120)

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.8. It is, therefore, affected by multiple vulnerabilities: - A segment fault SEGV flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a...

CVE-2024-37265

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.60...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2022)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : curl (EulerOS-SA-2024-2022)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowe...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1953)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...