7486 matches found
RHEL 9 : redis (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 - Redis is an in-memory...
nss bug fix update
An update is available for nss. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...
image security vulnerability
image is a set of Go libraries designed to handle container images and container image registries in various ways. A security vulnerability exists in image, which stems from a flaw found in the image library. An attacker exploiting this vulnerability could perform resource exhaustion, local path...
net.mingsoft:ms-ad (=1.0.0), net.mingsoft:ms-clean (>=1.0.0 <=1.0.1) +23 more potentially affected by CVE-2024-33748 via net.mingsoft:ms-basic (>=1.0.10 <=2.1.13.1)
net.mingsoft:ms-basic MAVEN version =1.0.10, =1.0.0, =1.0.4, =1.0.0, =4.6.3-SNAPSHOTS, =1.0.0, =1.0.4, =1.0.0, =1.0.1, =1.0.1, =1.0.2 and more Source cves: CVE-2024-33748 Source advisory: OSV:GHSA-64CM-3CJ3-67HF...
The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library arises from the use of memory after it is freed. This allows an attacker to execute arbitrary code.
The vulnerability of the Microsoft ODBC Driver for SQL Server dynamic loading library is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow a remo...
Moderate: Red Hat Security Advisory: motif security update
An update for motif is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2023-50434
CVE-2023-50434 affects emdns: emdns_resolve_raw in emdns.c may call strlen on non-terminated input, causing a stack-based buffer over-read. Exploitation is possible over the network via DNS requests to the emdns server; impact varies by libraries, compiler, and architecture. Code before be565c3 i...
CVE-2023-50434
emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system...
RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
cn.sliew:carp-ageiport-server (>=0.0.10 <=0.0.14), com.abavilla:fpi-bot-api (>=1.8.1 <=1.8.5) +190 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=3.3.0 <=3.6.8)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =3.3.0, =0.0.10, =1.8.1, =1.8.1, =1.8.6, =1.8.6, =1.9.0, =1.9.0, =1.10.1, =1.10.1, =1.0.29, =1.0.29, =1.6.1, =1.6.1, =1.5.1, =1.5.1, =1.6.0 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 For more details about the security issues, including the impact, a CVSS score...
[SECURITY] Fedora 38 Update: glibc-2.37-19.fc38
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
[SECURITY] Fedora 39 Update: glibc-2.38-18.fc39
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
[SECURITY] Fedora 40 Update: glibc-2.39-8.fc40
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
[SECURITY] Fedora 40 Update: dotnet8.0-8.0.103-1.fc40
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
@0xunreal/dynamic-amm-sdk (>=0.4.22 <=0.4.23), @0xunreal/vault-sdk (=0.5.3) +58 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.66.0 <=1.66.2)
@solana/web3.js NPM version =1.66.0, =0.4.22, =2.0.0-alpha.1, =2.0.0-alpha.5, =2.0.0-alpha.1, =2.11.0, =0.1.0, =0.2.0-master.41, =1.9.0, =0.0.2, =1.10.0-alpha.6, =4.0.0-beta.5, =4.0.0-beta.5, =4.0.0-beta.14 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
@abytecurious/serum (>=0.13.38 <=0.13.39), @arkecosystem/platform-sdk-sol (>=3.0.31 <=6.0.8) +67 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=0.0.3 <=0.95.0)
@solana/web3.js NPM version =0.0.3, =0.13.38, =3.0.31, =0.0.1, =0.13.14, =0.1.0, =0.0.4, =1.0.1, =1.0.7, =1.0.1, =2.2.3, =0.0.6, =1.0.0, =1.1.0 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
ai.optfor:spring-openai-api (>=0.1 <=0.3.25), am.ik.s3:simple-s3-client (>=0.1.0 <=0.1.1) +3861 more potentially affected by CVE-2024-22262 via org.springframework:spring-web (>=6.0.0 <=6.0.18)
org.springframework:spring-web MAVEN version =6.0.0, =0.1, =0.1.0, =0.2.3, =0.2.3, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =1.5.0.RELEASE, =1.5.2.RELEASE - be.tomcools:rickroll-security-spring-boot-starter =3.1.1 -...