82 matches found
RLSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...
TencentOS Server 3: nodejs (TSSA-2023:0046)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0046 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2022-4904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length...
openSUSE Security Advisory (SUSE-SU-2025:0348-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for libxml2 (SUSE-SU-2025:0341-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:0303-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-4904 affecting package rubygem-mini_portile2 2.8.0-1
CVE-2022-4904 affecting package rubygem-miniportile2 2.8.0-1. This CVE either no longer is or was never applicable...
CVE-2022-4904 affecting package grpc 1.42.0-11
CVE-2022-4904 affecting package grpc 1.42.0-11. This CVE either no longer is or was never applicable...
CVE-2022-4904 affecting package nodejs 14.21.3-1
CVE-2022-4904 affecting package nodejs 14.21.3-1. No patch is available currently...
CVE-2022-4904 affecting package python-gevent 1.3.6-5
CVE-2022-4904 affecting package python-gevent 1.3.6-5. No patch is available currently...
CBL Mariner 2.0 Security Update: c-ares / nodejs / python-gevent / grpc (CVE-2022-4904)
The version of c-ares / nodejs / python-gevent / grpc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4904 advisory. - A flaw was found in the c-ares package. The aressetsortlist is missing checks...
CVE-2022-4904 affecting package grpc for versions less than 1.62.0-2
CVE-2022-4904 affecting package grpc for versions less than 1.62.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-4904 affecting package python-gevent for versions less than 21.1.2-3
CVE-2022-4904 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is available...
Amazon Linux 2 : c-ares (ALAS-2024-2399)
The version of c-ares installed on the remote host is prior to 1.10.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2399 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Serve...
Oracle Linux 8 : c-ares (ELSA-2023-7116)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7116 advisory. - Resolves: rhbz2209517 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service rhel-8.9.0 Tenable has extracted the preceding description block directly...
RHEL 9 : c-ares (RHSA-2023:7368)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7368 advisory. The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: buffer overflow in...
Moderate: Red Hat Security Advisory: c-ares security update
An update for c-ares is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CentOS 8 : c-ares (CESA-2023:7116)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:7116 advisory. - A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length...
Moderate: c-ares security update
The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-4904 For more details about the security issues, including the impact, a CVSS score,...
RHEL 8 : c-ares (RHSA-2023:7116)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7116 advisory. The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: buffer overflow in...