Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the checkType function. An attacker can cause the client to panic and terminate unexpectedly by providing invalid TUF metadata which is valid JSON. The vulnerable parsing happens before signature validation, so a...

Open Redirect

Directus is vulnerable to Open Redirect. The vulnerability is due to improper validation of the RelayState parameter in the SAML authentication callback endpoint, which allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL after login...

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

MiracleLinux 7 : bind-9.11.4-26.P2.5.0.1.el7.AXS7 (AXSA:2021-1734:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1734:06 advisory. bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself CVE-2021-25215 Tenable h...

MiracleLinux 8 : dbus-1.12.8-24.el8.1 (AXSA:2023-6317:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6317:06 advisory. dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered CVE-2023-34969 CVEs: CVE-2023-34969 Tenable h...

MiracleLinux 8 : bind-9.11.20-5.el8 (AXSA:2021-1277:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1277:01 advisory. bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c CVE-2020-8619 bind: truncated TSIG response can lead to ...

MiracleLinux 8 : bind9.16-9.16.23-0.22.el8_10 (AXSA:2024-8665:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8665:02 advisory. bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam CVE-2024-1737 bind9: bind: SIG0 can be used to exhaust...

MiracleLinux 9 : galera-26.4.11-1.el9, mariadb-10.5.16-2.el9, mysql-selinux-1.0.5-1.el9 (AXSA:2022-4045:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4045:01 advisory. mariadb: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used CVE-2021-46669...

MiracleLinux 9 : dbus-1.12.20-7.el9.1 (AXSA:2023-6323:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6323:07 advisory. dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered CVE-2023-34969 Tenable has extracted the...

MiracleLinux 8 : bind-9.11.26-4.el8 (AXSA:2021-2378:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2378:09 advisory. bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself CVE-2021-25215 Tenable h...

MiracleLinux 8 : dovecot-2.3.8-2.el8.2 (AXSA:2020-546:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-546:03 advisory. dovecot: Resource exhaustion via deeply nested MIME parts CVE-2020-12100 dovecot: Out of bound reads in dovecot NTLM implementation CVE-2020-12673...

MiracleLinux 8 : bind9.16-9.16.23-0.16.el8_9.2.ML.1 (AXSA:2024-7685:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7685:01 advisory. bind9: Parsing large DNS messages may cause excessive CPU load CVE-2023-4408 bind9: Querying RFC 1918 reverse zones may cause an assertion failure...

MiracleLinux 4 : bind-9.8.2-0.68.8.0.1.rc1.AXS4 (AXSA:2020-735:07)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-735:07 advisory. bind: truncated TSIG response can lead to an assertion failure CVE-2020-8622 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : bind-9.11.4-16.P2.6.0.1.el7.AXS7 (AXSA:2020-120:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-120:04 advisory. bind: BIND does not sufficiently limit the number of fetches performed when processing referrals CVE-2020-8616 bind: A logic error in code which chec...

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

CVE-2025-61684

CVE-2025-61684 affects Quicly, an IETF QUIC protocol implementation. The vulnerability is a denial-of-service caused by an assertion failure that crashes the process, exploitable before commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. The issue is mitigated by the mentioned commit which fixes the...

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...