11 matches found
ALSA-2026:35829 Important: grafana-pcp security update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the CapFQDN.DecodeFromBytes function of the BGP OPEN Message Handler. An attacker can bypass intended access controls by manipulating the domainNameLen argument remotely, potentially resulting in...
MiracleLinux 8 : nodejs:14 (AXSA:2021-2448:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2448:01 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption bsc1246430. Patch Instructions: To install this SUSE updat...
EUVD-2009-2469
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-43523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo,...
OPENSUSE-SU-2021:3211-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22931: Fixed improper handling of untypical characters in domain names bsc1189370. - CVE-2021-22940: Use after free on close http2 on stream canceling bsc118936...
OPENSUSE-SU-2021:1214-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names bsc1189370, bsc1188881 - CVE-2021-22940: Use after free on close http2 on stream canceling bsc1189368 - CVE-2021-22939: Incomplete...
Asterisk Open Source/Certified Asterisk Certificate Validation Vulnerability
Asterisk is a free software, open source software that implements the functionality of a telephone user switch PBX. Asterisk Open Source has a security vulnerability due to a failure to properly handle domain names in the CN field of an X.509 certificate when registering a SIP TLS device. Allowin...
Opera Multiple Vulnerabilities - December11 (Windows)
The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulndec11win.nasl 7029 2017-08-31 11:51:40Z teissa $ Opera Multiple Vulnerabilities - December11 Windows Authors: Rachana Shetty Copyright: Copyright c 2011 Greenbone Networks Gmb...
ISMail < 1.4.5 Multiple Command Domain Name Handling Overflow
Binary data 2041.prm...