[SECURITY] Fedora 36 Update: python-nbxmpp-3.2.2-1.fc36

python-nbxmpp is a Python library that provides a way for Python applications to use Jabber/XMPP networks in a non-blocking way...

Fedora: Security Advisory for python-nbxmpp (FEDORA-2022-bf1f350185)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine

A flaw was found in Apache Tomcat. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet can trigger an infinite loop, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

Fedora: Security Advisory for squid (FEDORA-2022-0fa51087e7)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Attacker can block LayerZero channel

Lines of code Vulnerability details Impact According to the LayerZero docs, the default behavior is that when a transaction on the destination application fails, the channel between the src and dst app is blocked. Before any new transactions can be executed, the failed transaction has to be retri...

Node.js trust management issue vulnerability

nodejs is a JavaScript runtime environment based on the ChromeV8 engine that makes it possible to develop high-performance backend applications using Javascript by wrapping the Chromev8 engine and using event-driven and non-blocking IO applications. nodejs is vulnerable to trust management issues...

[SECURITY] Fedora 35 Update: nodejs-16.14.0-2.fc35

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2022:0293-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0293-1 advisory. - A vulnerability was found in Linux Kernel where refcount leak in llcpsockbind causing use-after-free which might lead to privilege escalation...

SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP2) (SUSE-SU-2022:0291-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0291-1 advisory. - A vulnerability was found in Linux Kernel where refcount leak in llcpsockbind causing use-after-free which might lead to privilege escalation...

Fedora: Security Advisory for nodejs (FEDORA-2022-78090d2099)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: nodejs-16.13.2-1.fc35

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

[SECURITY] Fedora 34 Update: nodejs-14.18.3-1.fc34

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Nodejs Command Injection Vulnerability

nodejs is a JavaScript runtime environment based on the ChromeV8 engine through the Chromev8 engine for the packaging and the use of event-driven and non-blocking IO applications so that the development of high-performance Javascript background applications has become possible . A command injecti...

[SECURITY] Fedora 35 Update: nodejs-16.11.1-1.fc35

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

[SECURITY] Fedora 33 Update: nodejs-14.18.1-1.fc33

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Fedora: Security Advisory for squid (FEDORA-2021-de5e6c60c2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for squid (FEDORA-2021-4d2e7691ca)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine

A flaw was found in Apache Tomcat. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet can trigger an infinite loop, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

UBUNTU-CVE-2021-41079

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...

GHSA-44QP-QHFV-C7F6 Improper Handling of Exceptional Conditions in Apache Tomcat

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once ...