Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through lib/builtin.js. An attacker can execute host code when the allowlist includes -X or uses and then calls...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the processmetadataupdate function in the md-cluster module. This function derefreshes a null...

MiracleLinux 9 : mod_jk-1.2.49-1.el9, mod_proxy_cluster-1.3.20-1.el9 (AXSA:2024-7930:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7930:01 advisory. httpd: Apache Tomcat Connectors modjk Information Disclosure CVE-2023-41081 modcluster/modproxycluster: Stored Cross site Scripting CVE-2023-6710...

Linux Distros Unpatched Vulnerability : CVE-2023-5379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by...

Red Hat mod_cluster Local Denial of Service Vulnerability

Red Hat modcluster is the United States Red Hat Red Hat a HTTP protocol based on the implementation of load balancing, fault-tolerant cluster module. A local denial of service vulnerability exists in Red Hat modcluster. An attacker could exploit this vulnerability to cause a denial of service...