AlmaLinux 9 : nodejs:18 (ALSA-2025:1446)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:1446 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...

CLSA-2025-1739525872 Fix CVE(s): CVE-2024-53104

CVE-url: https://ubuntu.com/security/CVE-2024-53104 - media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat...

CLSA-2025-1739525834 kernel: Fix of 24 CVEs

media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-2024-53104 - wifi: ath9k: add range check for connrspepid in htcconnectservice CVE-2024-53156 - xsk: fix OOB map writes when deleting elements CVE-2024-56614 - hvsock: Initializing vsk-trans to NULL to prevent a...

CLSA-2025-1739525173 Fix CVE(s): CVE-2024-53104

CVE-url: https://ubuntu.com/security/CVE-2024-53104 - media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat...

nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap

A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...

Important: thunderbird

Issue Overview: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132. CVE-2024-10458 An attacker could have caused a...

Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap

A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...

Security update for podman

This update for podman fixes the following issues: CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227052 CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

CLSA-2025-1739352814 kernel: Fix of 13 CVEs

media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-2024-53104 - btrfs: fix information leak in btrfsioctllogicaltoino CVE-2024-35849 - net: afcan: do not leave a dangling sk pointer in cancreate CVE-2024-56603 - netfilter: xtables: fix LED ID check in ledtgcheck...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CLSA-2025-1739292069 kernel: Fix of 13 CVEs

media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-2024-53104 - btrfs: fix information leak in btrfsioctllogicaltoino CVE-2024-35849 - net: afcan: do not leave a dangling sk pointer in cancreate CVE-2024-56603 - netfilter: xtables: fix LED ID check in ledtgcheck...

Security update for skopeo

This update for skopeo fixes the following issues: CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227056 CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tap: added missing verification for short frames The referenced commit failed to check the validity of the frame length in the tapgetuserxdp function, which could result in a corrupted skb being sent down the stack. Even before t...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. Chromium security severity: Medium...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Azure Linux 3.0 Security Update: coredns (CVE-2023-49295)

The version of coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49295 advisory. - quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause...

Azure Linux 3.0 Security Update: kernel (CVE-2024-49997)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49997 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix memory...

Azure Linux 3.0 Security Update: kernel (CVE-2024-42083)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42083 advisory. - In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-...