
940 matches found

SUSE CVE
added 2023/02/15 3:45 a.m., 1 view

SUSE CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...

CVSS 7.5 | AI score 7.7 | EPSS 0.89427
Exploits 0 | References 12

SUSE CVE
added 2023/02/15 3:34 a.m., 1 view

SUSE CVE-2022-0669

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master...

CVSS 6.5 | AI score 6.5 | EPSS 0.00194
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 3:23 a.m., 2 views

SUSE CVE-2022-42012

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

CVSS 4.4 | AI score 7.5 | EPSS 0.00208
Exploits 1 | References 32

RedHat Linux
added 2023/01/26 9:9 p.m., 58 views

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 5.3 | AI score 6.8 | EPSS 0.00127
Exploits 0 | References 6

OSV
added 2023/01/26 8:49 p.m., 25 views

RLSA-2023:0208 Moderate: java-1.8.0-openjdk security and bug fix update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830); OpenJDK: soundbank URL remote loading (Sound, 8293742)...

CVSS 5.3 | AI score 6 | EPSS 0.00127
Exploits 0 | References 6

OSV
added 2023/01/26 12:0 a.m., 32 views

ALSA-2023:0208 Moderate: java-1.8.0-openjdk security and bug fix update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830); OpenJDK: soundbank URL remote loading (Sound, 8293742)...

CVSS 5.3 | AI score 6 | EPSS 0.00127
Exploits 0 | References 6

RedHat Linux
added 2023/01/23 3:23 p.m., 3 views

dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly

A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

CVSS 6.5 | AI score 6.7 | EPSS 0.00208
Exploits 1 | References 4

Tenable Nessus
added 2023/01/23 12:0 a.m., 69 views

RHEL 9 : dbus (RHSA-2023:0335)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0335 advisory. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a...

CVSS 6.5 | AI score 6.8 | EPSS 0.00208
Exploits 3 | References 9

Tenable Nessus
added 2023/01/13 12:0 a.m., 25 views

AlmaLinux 8 : dbus (ALSA-2023:0096)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0096 advisory. - An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause...

CVSS 6.5 | AI score 6.7 | EPSS 0.00208
Exploits 3 | References 4

RedHat Linux
added 2023/01/12 9:24 a.m., 3 views

dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly

A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

CVSS 6.5 | AI score 6.7 | EPSS 0.00208
Exploits 1 | References 4

Tenable Nessus
added 2023/01/12 12:0 a.m., 28 views

Oracle Linux 8 : dbus (ELSA-2023-0096)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0096 advisory. - Fix CVE-2022-42010 2133644 - Fix CVE-2022-42011 2133638 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 6.5 | AI score 6.6 | EPSS 0.00208
Exploits 3 | References 4

Tenable Nessus
added 2023/01/06 12:0 a.m., 29 views

EulerOS 2.0 SP9 : dbus (EulerOS-SA-2023-1096)

According to the versions of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause...

CVSS 6.5 | AI score 6.6 | EPSS 0.00208
Exploits 3 | References 4

Tenable Nessus
added 2023/01/06 12:0 a.m., 27 views

EulerOS 2.0 SP9 : dbus (EulerOS-SA-2023-1120)

According to the versions of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause...

CVSS 6.5 | AI score 6.6 | EPSS 0.00208
Exploits 3 | References 4

Tenable Nessus
added 2022/12/28 12:0 a.m., 19 views

EulerOS Virtualization 2.10.0 : libtirpc (EulerOS-SA-2022-2910)

According to the versions of the libtirpc package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TC...

CVSS 7.5 | AI score 7.5 | EPSS 0.01402
Exploits 0 | References 2

Tenable Nessus
added 2022/12/28 12:0 a.m., 18 views

EulerOS Virtualization 2.10.1 : libtirpc (EulerOS-SA-2022-2936)

According to the versions of the libtirpc package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TC...

CVSS 7.5 | AI score 7.5 | EPSS 0.01402
Exploits 0 | References 2

Tenable Nessus
added 2022/12/23 12:0 a.m., 25 views

Fedora 36 : dbus (2022-076544c8aa)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-076544c8aa advisory. Update to 1.14.4 Fix CVE-2022-42010, CVE-2022-42011 and CVE-2022-42012 Tenable has extracted the preceding description block directly from the Fedor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00208
Exploits 3 | References 4

BDU FSTEC
added 2022/12/23 12:0 a.m., 2 views

The vulnerability of the decon_set_win_config() function in the Display and Enhancement Controller (DECON) driver of the Display Processing Unit (DPU) for Android mobile devices from Samsung allows a malicious actor to gain access to read, modify, or delete files, or to cause a service failure.

The vulnerability of the decon_set_win_config() function in the Display and Enhancement Controller (DECON) driver of the Display Processing Unit (DPU) for Android mobile devices from Samsung relates to the use of memory after it is freed during the processing of file descriptors. Exploiting this...

CVSS 6.1 | AI score 5.6 | EPSS 0.0049
Exploits 0 | References 8 | Affected Software 1

RedHat Linux
added 2022/12/13 4:12 p.m., 4 views

dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly

A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

CVSS 6.5 | AI score 6.7 | EPSS 0.00208
Exploits 1 | References 4

RedHat Linux
added 2022/12/06 10:3 a.m., 4 views

dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly

A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

CVSS 6.5 | AI score 6.7 | EPSS 0.00208
Exploits 1 | References 4

RedHat Linux
added 2022/11/21 12:52 p.m., 3 views

Mozilla: Symlinks may resolve to partially uninitialized buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...

CVSS 8.8 | AI score 7.2 | EPSS 0.00212
Exploits 0 | References 6