28 matches found
Rocky Linux 9 : nodejs:18 (RLSA-2024:6147)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6147 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restriction vi...
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...
AlmaLinux 8 : nodejs:18 (ALSA-2024:6148)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6148 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restriction via...
AlmaLinux 9 : nodejs:18 (ALSA-2024:6147)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6147 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restriction via...
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...
AlmaLinux 8 : nodejs:20 (ALSA-2024:5814)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5814 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restriction via...
OESA-2024-1259 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth,...
OPENSUSE-SU-2020:1523-1 Security update for jasper
This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue bsc1010979. - CVE-2016-9399: Fix assert in calcstepsizes bsc1010980. - CVE-2017-5499: Validate component depth bit bsc1020451. - CVE-2017-5503: Check bounds in jasseq2dbindsub bsc1020456. -...