Scientific Linux Security Update : openldap on SL7.x i686/x86_64 (2022:0621)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0621-1 advisory. - openldap: assertion failure in Certificate List syntax validation CVE-2020-25709 - openldap: assertion failure in CSN normalization with invali...

Oracle Linux 7 : openldap (ELSA-2022-0621)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0621 advisory. - Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation 2040539 Tenable has extracted the preceding description block...

openldap security update

2.4.44-25 - Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation 2040539 - Fix CVE-2020-25710 openldap: assertion failure in CSN normalization with invalid input 2040538...

RHEL 8 : unbound (RHSA-2022:0632)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0632 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: integer overflow in the...

openldap: assertion failure in CSN normalization with invalid input

A flaw was found in OpenLDAP. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23. The highest threat from this vulnerability is to system availability...

unbound: assertion failure and denial of service in synth_cname

A flaw was found in unbound. A reachable assertion in the synthcname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dnamepktcopy function. The highest threat from this vulnerability...

unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet

A flaw was found in unbound. A reachable assertion in the dnamepktcopy function can be triggered by sending invalid packets to the server. The highest threat from this vulnerability is to service availability...

unbound: assertion failure via a compressed name in dname_pkt_copy

A flaw was found in unbound. A reachable assertion in the dnamepktcopy function can be triggered through compressed names. The highest threat from this vulnerability is to service availability...

VulnCheck KEV: CVE-2022-23131

Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML...

RHEL 7 : openldap (RHSA-2022:0621)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0621 advisory. OpenLDAP is an open-source suite of Lightweight Directory Access Protocol LDAP applications and development tools. LDAP is a set of protocol...

CVE-2022-22901

There is an Assertion in 'contextp-nextscannerinfop-type == SCANNERTYPEFUNCTION' failed at parserparsefunctionarguments in /js/js-parser.c of JerryScript commit a6ab5e9...

CVE-2022-22901

There is an Assertion in 'contextp-nextscannerinfop-type == SCANNERTYPEFUNCTION' failed at parserparsefunctionarguments in /js/js-parser.c of JerryScript commit a6ab5e9...

CVE-2022-22901

There is an Assertion in 'contextp-nextscannerinfop-type == SCANNERTYPEFUNCTION' failed at parserparsefunctionarguments in /js/js-parser.c of JerryScript commit a6ab5e9...

CVE-2022-22901

CVE-2022-22901 affects JerryScript (engine). The issue is an assertion failure in /js/js-parser.c: parser_parse_function_arguments, triggered by commit a6ab5e9 when context_p->next_scanner_info_p->type != SCANNER_TYPE_FUNCTION. Root cause: scanner information type mismatch. Impact described...

CVE-2022-22901

Removed by vendor...

JerryScript 安全漏洞

JerryScript is a lightweight JavaScript engine from the JerryScript Jerryscript project. JerryScript has a security vulnerability that stems from an assertion failure in /js/js-parser.c in JerryScript commit a6ab5e9...

Error: Identity Assertion Logon failed Unrecognized Federated Authentication Service

Citrix FAS configured for authentication. Published Desktop or Published Application fails to launch with error: "Identity Assertion Logon failed. Unrecognized Federated Authentication Service"...

Denial Of Service (DoS)

tcpreplay is vulnerable to denial of service. It is possible because of reachable assertion in addtreeipv4 at tree.c...

EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2022-1150)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle...

EulerOS Virtualization 3.0.6.6 : openldap (EulerOS-SA-2022-1134)

According to the versions of the openldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd...