6423 matches found
AlmaLinux 9 : .NET 7.0 (ALSA-2023:5749)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5749 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...
AlmaLinux 9 : nginx (ALSA-2023:5711)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5711 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:5721)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5721 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are...
AlmaLinux 9 : nodejs (ALSA-2023:5765)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5765 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...
AlmaLinux 9 : dotnet6.0 (ALSA-2023:5708)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5708 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...
AlmaLinux 9 : go-toolset and golang (ALSA-2023:5738)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5738 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...
AlmaLinux 9 : galera and mariadb (ALSA-2023:5684)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5684 advisory. - MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepareinplaceaddvirtual at /storage/innobase/handler/handler0alter.cc...
AlmaLinux 9 : bind (ALSA-2023:5689)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5689 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the...
AlmaLinux 8 : mariadb:10.5 (ALSA-2023:5683)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5683 advisory. mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6 CVE-2023-5157 mariadb: use-after-poison in prepareinplaceaddvirtual in...
AlmaLinux 8 : libvpx (ALSA-2023:5537)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5537 advisory. - VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488 - Heap buffer overflow in vp8 encoding in libvpx i...
AlmaLinux 8 : firefox (ALSA-2023:5433)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:5433 advisory. - During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability...
AlmaLinux 9 : libvpx (ALSA-2023:5539)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5539 advisory. - VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488 - Heap buffer overflow in vp8 encoding in libvpx i...
AlmaLinux 8 : thunderbird (ALSA-2023:5428)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:5428 advisory. - During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability...
AlmaLinux 9 : nodejs (ALSA-2023:5532)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5532 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability...
Important: nodejs security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...
AlmaLinux 9 : ghostscript (ALSA-2023:5459)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5459 advisory. - Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix. CVE-2023-36664 Note...
AlmaLinux 9 : firefox (ALSA-2023:5434)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5434 advisory. - During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability...
AlmaLinux 8 : glibc (ALSA-2023:5455)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5455 advisory. - A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via...
AlmaLinux 9 : python3.9 (ALSA-2023:5462)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5462 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...
AlmaLinux 8 : bind9.16 (ALSA-2023:5460)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5460 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the...