6095 matches found
CVE-2023-52437
Removed by vendor...
CVE-2023-52433
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expire before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an alrea...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transaction, skip end interval elements that are not yet active...
CVE-2024-26581 netfilter: nft_set_rbtree: skip end interval element from gc
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transaction, skip end interval elements that are not yet active...
CVE-2023-52433 netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expire before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an alrea...
Advisory ROSA-SA-2024-2349
Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87.res7.11 CVE-ID: CVE-2022-28734 BDU-ID: 2024-01201 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Grub loader is related to out-of-bounds writes when processing delimited HTTP headers. Exploitation of the vulnerability...
February 13, 2024—KB5034830 (Monthly Rollup)
February 13, 2024—KB5034830 (Monthly Rollup) IMPORTANT: The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...
Advisory ROSA-SA-2024-2340
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.1.res7 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to an argument injection or...
Update 21.16 for Microsoft Dynamics 365 Business Central (on-premises) 2022 Release Wave 2 (Application Build 21.16.63199, Platform Build 21.0.63175)
Veeam Recovery Orchestrator Vulnerability ( CVE-2024-22021 | CVE-2024-22022 )
Veeam Software Security Commitment: Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program (VDP) for all Veeam products and perform extensive internal code audits. When a vulnerability is...
Medium: systemd
Issue Overview: systemd-resolved accepts records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. CVE-2023-7008 Affected Packages: systemd Issue Correction: Run dnf update systemd --releasever 2023.3.2024020...
CVE-2023-5841
Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
The vulnerability of the systemd-resolved service responsible for managing network connections and domain name resolution allows attackers to modify DNS records protected by DNSSEC, by gaining access to a channel from a non-endpoint location.
The vulnerability of the systemd-resolved service for managing network connections and Domain Name System (DNS) resolution is related to deficiencies in verifying the authenticity of messages sent from DNS clients. Exploiting this vulnerability allows a malicious actor to alter DNS records protect...
Fedora 38 : systemd (2024-c79658eedf)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c79658eedf advisory. - A bunch of fixes for various components: systemd, systemctl, hostnamectl, bootctl, systemd-networkd, systemd-network-generator, systemd-analyze,...
GHSA-RJQ5-W47X-X359 @hono/node-server cannot handle "double dots" in URL
Impact Since v1.3.0, we use our own Request object. This is great, but the url behavior is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request will be in the resolved path. ts const req = new...
Advisory ROSA-SA-2024-2328
Software: libpng 1.6.34 OS: ROSA Virtualization 2.1 packageevrstring: libpng-1.6.34-5.0.1.rv3.src.rpm CVE-ID: CVE-2019-7317 BDU-ID: 2019-03330 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the png_image_free function png.c of the PNG libpng bitmap graphics library involves the png_image_free_function...
Advisory ROSA-SA-2024-2326
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: httpd-2.4.6-98.0.1.res7.7 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mod_macro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of the...
Fedora 39 : systemd (2024-b8312ca5b3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b8312ca5b3 advisory. - A bunch of fixes for various components: systemd, systemctl, systemd-firstboot, systemd-repart, bootctl, systemd-networkd, systemd-network-generator,...