408 matches found
CVE-2022-25231
The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) via a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds V8’s memory limit...
CVE-2022-25231 Denial of Service (DoS)
The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) via a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds V8’s memory limit...
CVE-2022-24298
All versions of the package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...
node-opcua security vulnerability
node-opcua is an open source implementation of an OPC UA stack written entirely in TypeScript for Node.js by Sterfive SAS in France. A security vulnerability exists in node-opcua versions prior to 2.74.0 that stems from vulnerability to denial-of-service (DoS) attacks by sending specially crafted OP...
GLSA-202208-23 : Xen: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-23 Xen: Multiple Vulnerabilities - IOMMU page mapping issues on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACP...
USN-5546-2 openjdk-8 vulnerabilities
USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain...
CVE-2022-35922
Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...
Design/Logic Flaw
Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...
CLSA-2022-1656430448 Fixed CVEs in mod_http2-3.module_el8.5.0+2060+6f259f31: CVE-2022-26377, CVE-2022-30556, CVE-2022-28615, CVE-2022-30522, CVE-2022-31813
CVE-2022-30522: mod_sed: limit memory usage - CVE-2022-26377: mod_proxy_ajp: fix HTTP request smuggling - CVE-2022-28615: fix possible out-of-bounds read in ap_strcmp_match - CVE-2022-30556: mod_lua: fix r:wsread to not return a length that points past the end of the storage allocated for the buffer -...
CLSA-2022-1656429967 Fixed CVEs in httpd-39.module_el8.4.0+2061+54659116.1.tuxcare.centos8.4-els: CVE-2022-28615, CVE-2022-31813, CVE-2022-30556, CVE-2022-26377, CVE-2022-30522
CVE-2022-30522: mod_sed: limit memory usage - CVE-2022-26377: mod_proxy_ajp: fix HTTP request smuggling - CVE-2022-28615: fix possible out-of-bounds read in ap_strcmp_match - CVE-2022-30556: mod_lua: fix r:wsread to not return a length that points past the end of the storage allocated for the buffer -...
CLSA-2022-1648136371 Fix of CVE: CVE-2022-22721, CVE-2022-23943, CVE-2022-22719, CVE-2022-22720
CVE-2022-22719: mod_lua: error out if lua_read_body or lua_write_body fail - CVE-2022-22720: simpler connection close logic if discarding the request body fails - CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory - CVE-2022-23943: mod_sed: use size_t to allow for larger...
OracleVM 3.4 : xen (OVMSA-2022-0004)
The remote OracleVM system is missing necessary patches to address security updates: - issues with partially successful P2M updates on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be...
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2021:3968-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3968-1 advisory. - PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions specified...
openSUSE 15 Security Update : xen (openSUSE-SU-2021:3968-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3968-1 advisory. - PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions specified via...
OPENSUSE-SU-2021:3968-1 Security update for xen
This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386, bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388, bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues...
openSUSE 15 Security Update : xen (openSUSE-SU-2021:1543-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1543-1 advisory. - PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions specified via...
Security update for xen (moderate)
openSUSE Security Update: Security update for xen Announcement ID: openSUSE-SU-2021:3968-1 Rating: moderate References: 1027519 1191363 1192554 1192557 1192559 Cross-References: CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores:...
OPENSUSE-SU-2021:1543-1 Security update for xen
This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386, bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388, bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues...
Debian DSA-5017-1 : xen - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5017 advisory. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. For the...