723 matches found
Amazon Corretto Java 11.x < 11.0.17.8.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 11.0.17.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2022-Oct-18 advisory. - security-libs/org.ietf.jgss CVE-2022-21618 - security-libs/java.security CVE-2022-21619,...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2022-2401)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-3080
By sending specific queries to the resolver, an attacker can cause named to crash...
CVE-2022-38177
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
CVE-2018-25047
Smarty3 (PHP templating engine) is vulnerable to XSS in smarty_function_mailto when using Smarty <3.1.47 and Smarty 4.x
SUSE: Security Advisory (SUSE-SU-2022:3178-1)
The remote host is missing an update for the...
Moderate: Red Hat Security Advisory: convert2rhel security, bug fix, and enhancement update
An update for convert2rhel is now available for Convert2RHEL for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
faac: Denial of service
Background: faac contains free MPEG-4 audio codecs by AudioCoding.com. Description: An invalid pointer can be dereferenced in the huffcode function of libfaac/huff2.c, leading to a crash. Impact: An attacker with the ability to provide crafted input to faac could cause a denial of service. Workaroun...
SUSE: Security Advisory (SUSE-SU-2022:2582-1)
The remote host is missing an update for the...
Malicious code in ajax-libs (npm)
Source: ghsa-malware (9a42a0d791115ba30e5e048f5af09cdaff93938a6ca4a25d5af7ae617df66b47) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-921 Malicious code in ajax-libs (npm)
Source: ghsa-malware (9a42a0d791115ba30e5e048f5af09cdaff93938a6ca4a25d5af7ae617df66b47) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3040 Malicious code in finastra-nodejs-libs (npm)
Source: ghsa-malware (4e6a9bcca9d10ce688e00eb4a63926581e73d476c15bb88fff42f9fb30a39f25) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-793 Malicious code in @zeos-libs/auth-client (npm)
Source: ghsa-malware (eee22ec16fe8410ba0fa17b116c3f3bc6c12ac2f37d88e9e81e5cc13ac891467) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
bpftool, kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2022:4642. An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
new packages: ding-libs
An update is available for ding-libs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterpri...
AlmaLinux 8 : exiv2 (ALSA-2022:1842)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1842 advisory. - A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file...
Oracle OpenJDK ECDSA Signatures Vulnerability (CVE-2022-21449)
Oracle OpenJDK is prone to a vulnerability in the implementation of ECDSA signature verification. Component: security-libs/java.security.
Oracle OpenJDK Unspecified Vulnerability (CVE-2022-21476)
Oracle OpenJDK is prone to an unspecified vulnerability in the security-libs/java.security component.
Amazon Corretto Java 18.x < 18.0.1.10.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 18.0.1.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-18-2022-Apr-19 advisory. - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input ha...
Amazon Corretto Java 17.x < 17.0.3.6.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 17.0.3.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2022-Apr-17 advisory. - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has...