7037 matches found
MongoDB Server (mongod) may crash when generating ftdc
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions...
CVE-2024-3374 MongoDB Server (mongod) may crash when generating ftdc
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions...
CVE-2024-3374
CVE-2024-3374 involves MongoDB Server (mongod) where an unauthenticated user can trigger a fatal assertion while generating ftdc diagnostic metrics by building a BSON object that exceeds certain memory sizes. The issue affects MongoDB Server v5.0 (prior to and including 5.0.16) and v6.0 (prior to...
MongoDB Server Security Vulnerability
MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server version v5.0 up to and including version 5.0.16...
PowerDNS DNSdist Security Vulnerability
PowerDNS DNSDist is a load balancer from the Dutch company PowerDNS. The product is capable of diverting traffic to different servers to provide optimal performance for users. A security vulnerability exists in PowerDNS DNSdist versions prior to 1.9.4, which stems from the fact that an attacker c...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine. A security vulnerability exists in QuickJS that stems from an assertion failure...
CVE-2024-25581
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...
RHEL 8 : libnbd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libnbd: Assertion failure in nbd_unlocked_opt_go in lib/opt.c CVE-2021-20286 - libnbd: Crash or misbehaviour...
RHEL 7 : jasper (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jasper: heap-based buffer over-read of size 8 in jas_image_depalettize in libjasper/base/jas_image.c...
RHEL 8 : redis (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: integer overflow in the getnum function in lua_struct.c could lead to a DoS CVE-2020-14147 - redis:...
RHEL 5 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: ACL restrictions bypass due to sasl_ssf value being set permanently CVE-2019-13565 - An issue wa...
RHEL 7 : unbound (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - unbound: out-of-bounds write via a compressed name in rdata_copy CVE-2019-25042 - A flaw was found in the...
RHEL 7 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: OpenLDAP SQL injection CVE-2022-29155 - A flaw was found in OpenLDAP. This flaw allows an...
RHEL 8 : openvswitch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openvswitch: limitation in the OVS packet parsing in userspace leads to DoS CVE-2020-35498 - openvswitch:...
RHEL 7 : avahi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket CVE-2021-3468 -...
RLSA-2024:2551 Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...
CVE-2023-43529 Reachable Assertion in Data Modem
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received...
RLSA-2024:1781 Important: bind9.16 security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...
Oracle Linux 9 : avahi (ELSA-2024-2433)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2433 advisory. - Fix CVE-2023-38469 RHEL-5637 - Fix CVE-2023-38471 RHEL-5642 - Fix CVE-2023-38472 RHEL-5645 - Fix CVE-2023-38470 RHEL-5641 Tenable has extracted the...
CVE-2024-34475
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR...