RHEL 5 : dnsmasq (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attack...
RHEL 7 : etcd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - etcd: Cross-site request forgery via crafted local POST forms CVE-2018-1098 - etcd: Information disclosure...
RLSA-2024:2566 Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
The vulnerability of the distributed file system (DFS) in the Windows operating system, which allows a hacker to expose protected information
The vulnerability of the distributed file system (DFS) in the Windows operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system...
The vulnerability of the distributed file system (DFS) of the Windows operating system, which allows a hacker to execute arbitrary code
The vulnerability of the distributed file system (DFS) in the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the `saslJaasServerRoleTokenSignerSecretPath` component in the cloud platform for distributed messaging and Apache Pulsar’s streaming communication allows an attacker to forge the SASL role token, thereby compromising the confidentiality and integrity of the protected information.
The vulnerability of the saslJaasServerRoleTokenSignerSecretPath component in the cloud platform for distributed messaging and Apache Pulsar streaming involves a lack of protection for service-related data. Exploiting this vulnerability could allow an attacker to forge the SASL role token and...
GHSA-Q9P4-HW9M-FJ2V Apollo Router vulnerable to Critical Regression In Query Plan Cache
Impact Any instance of Apollo Router 1.44.0 or 1.45.0 that is using Distributed Query Plan Caching is impacted. These versions were released on 2024-04-12 and 2024-04-22 respectively. The affected versions of Apollo Router contain a bug that could lead to unexpected operations being executed, whi...
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Impact Any instance of Apollo Router 1.44.0 or 1.45.0 that is using Distributed Query Plan Caching is impacted. These versions were released on 2024-04-12 and 2024-04-22 respectively. The affected versions of Apollo Router contain a bug that could lead to unexpected operations being executed, whi...
CVE-2024-32971
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2024-32971
CVE-2024-32971 affects Apollo Router when using distributed query plan caching. A bug in the router’s cache retrieval logic may cause an operation (query, mutation, or subscription) to execute a modified version of a previously run operation, potentially yielding unexpected results or errors. Pub...
kernel: smb: client: fix missed ses refcounting
A use-after-free vulnerability was found in the Linux kernel's SMB client implementation. When handling SMB sessions with DFS (Distributed File System) root sessions, the code fails to properly increment the reference count for both the session and its dfsrootses. This can cause the dfsrootses to b...
[SECURITY] Fedora 39 Update: nodejs18-18.20.2-1.fc39
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
[SECURITY] Fedora 40 Update: nodejs18-18.20.2-1.fc40
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
[SECURITY] Fedora 40 Update: nodejs20-20.12.2-1.fc40
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
Moderate: Red Hat Security Advisory: Red Hat Service Interconnect 1.5.3 Release (images)
OpenShift container images for the Red Hat Service Interconnect 1.5 release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
The vulnerability of the implementations of CAS, SAML, and OpenID Connect protocols in the web application for deploying distributed social networks like Mastodon allows attackers to circumvent security restrictions and gain access to user accounts.
The vulnerability of the implementation of CAS, SAML, and OpenID Connect protocols in the web application for deploying distributed social networks like Mastodon is related to deficiencies in the authentication process due to changes in the email address during login to the system. Exploiting thi...
CVE-2024-29905
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using dirac-proxy-init), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...
CVE-2024-29066
Windows Distributed File System (DFS) Remote Code Execution Vulnerability...