Lucene search

165 matches found

Tenable Nessus
added 2025/05/15 12:0 a.m. | 31 views

Node.js 20.x < 20.19.2 / 22.x < 22.15.1 / 22.x < 22.15.1 / 23.x < 23.11.1 / 24.x < 24.0.2 Multiple Vulnerabilities (Wednesday, May 14, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 20.19.2, 22.15.1, 22.15.1, 23.11.1, 24.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday, May 14, 2025 Security Releases advisory. - In Node.js, the ReadFileUtf8 internal binding leaks memory...

CVSS 7.5 | AI score 7.1 | EPSS 0.00727
Exploits 1 | References 4

Tenable Nessus
added 2025/05/14 12:0 a.m. | 3 views

Alibaba Cloud Linux 3 : 0255: expat (ALINUX3-SA-2024:0255)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0255 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-50602: An issue was discovered in libexpat...

CVSS 5.9 | AI score 7 | EPSS 0.0104
Exploits 0 | References 2

OSV
added 2025/05/13 12:0 a.m. | 3 views

ALSA-2025:7243 Moderate: gstreamer1-plugins-base security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins. Security Fixes: gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference...

CVSS 9.1 | AI score 7.8 | EPSS 0.01298
Exploits 2 | References 10

AlmaLinux
added 2025/05/13 12:0 a.m. | 5 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6.3 | AI score 6.8 | EPSS 0.01437
Exploits 0 | References 4

OSV
added 2025/05/13 12:0 a.m. | 4 views

ALSA-2025:6977 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6.3 | AI score 7.3 | EPSS 0.01437
Exploits 0 | References 4

Tenable Nessus
added 2025/05/13 12:0 a.m. | 2 views

RHEL 9 : python3.11 (RHSA-2025:7109)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7109 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 6.3 | AI score 6.8 | EPSS 0.01437
Exploits 0 | References 6

Debian
added 2025/04/30 5:31 p.m. | 53 views

[SECURITY] [DLA 4145-1] expat security update

Debian LTS Advisory DLA-4145-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 30, 2025 https://wiki.debian.org/LTS -...

CVSS 5.9 | AI score 6.1 | EPSS 0.0104
Exploits 0

Github Security Blog
added 2025/04/21 3:30 a.m. | 16 views

GoBGP crashes in the flowspec parser

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...

CVSS 7.5 | AI score 7 | EPSS 0.00462
Exploits 0 | References 4 | Affected Software 2

CVE
added 2025/04/21 12:0 a.m. | 236 views

CVE-2025-43972

CVE-2025-43972 affects GoBGP prior to 3.35.0. The vulnerability is in the flowspec parser within pkg/packet/bgp/bgp.go, where an attacker can trigger a crash by sending fewer than 20 bytes in a specific context. The impact is a crash (potential denial via crash) as described in multiple sources. ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00462
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2025/03/29 12:0 a.m. | 5 views

RHEL 9 : expat (RHSA-2025:3350)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3350 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: DoS via XML_ResumeParser (CVE-2024-50602) For more details about the...

CVSS 5.9 | AI score 7.1 | EPSS 0.0104
Exploits 0 | References 5

Amazon
added 2025/03/26 12:0 a.m. | 4 views

Medium: python3.9

Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...

CVSS 6.3 | AI score 7.7 | EPSS 0.01437
Exploits 0

OSV
added 2025/03/25 12:47 p.m. | 11 views

SUSE-SU-2025:1012-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664) - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1219: Fixed libxml streams using wrong...

CVSS 9.8 | AI score 8.3 | EPSS 0.01138
Exploits 3 | References 13

Tenable Nessus
added 2025/03/06 12:0 a.m. | 22 views

Linux Distros Unpatched Vulnerability : CVE-2024-7264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser...

CVSS 6.5 | AI score 7.1 | EPSS 0.16212
Exploits 1 | References 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-38443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...

CVSS 9.8 | AI score 7.4 | EPSS 0.02085
Exploits 0 | References 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2023-29451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. CVE-2023-29451 Note th...

CVSS 7.5 | AI score 6.3 | EPSS 0.00665
Exploits 0 | References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 13 views

Linux Distros Unpatched Vulnerability : CVE-2019-15903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to...

CVSS 7.5 | AI score 6.9 | EPSS 0.06697
Exploits 1 | References 4

Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-12995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print. CVE-2017-12995 Note that Nessus relies on the...

CVSS 9.8 | AI score 7 | EPSS 0.02406
Exploits 0 | References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-7936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print. CVE-2016-7936 Note that Nessus relies on the presence of the package as...

CVSS 9.8 | AI score 7.2 | EPSS 0.03111
Exploits 0 | References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-13028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print. CVE-2017-13028 Note that Nessus relies on the presence of the packa...

CVSS 9.8 | AI score 7 | EPSS 0.03587
Exploits 0 | References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2017-13002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension. CVE-2017-13002 Note that Nessus relies on the presence of the...

CVSS 9.8 | AI score 7 | EPSS 0.02527
Exploits 0 | References 2