1305 matches found

SUSE Linux
added 2025/02/03 9:17 a.m., 2 views

Security update for avahi

This update for avahi fixes the following issues: CVE-2024-52616: Properly randomize query id of DNS packets (bsc1233420). Bug fixes: No longer supply bogus services to callbacks (bsc1226586). Tag hardening patches as PATCH-FEATURE-OPENSUSE. Remove dependency on /usr/bin/python3 using %python3fixsheba...

6.3 CVSS, 7.3 AI score, 0.00681 EPSS
Exploits: 0, References: 8
SUSE Linux
added 2025/01/29 1:47 p.m., 1 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to 22.13.1: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc1236251); CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO (bsc1236250); CVE-2025-22150: Fixed insufficiently random...

7.8 CVSS, 7 AI score, 0.01282 EPSS
Exploits: 0, References: 12
OSV
added 2025/01/29 1:47 p.m., 8 views

SUSE-SU-2025:0284-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc1236251) - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO (bsc1236250) - CVE-2025-22150: Fixed insufficiently...

7.7 CVSS, 6.8 AI score, 0.01282 EPSS
Exploits: 0, References: 7
Tenable Nessus
added 2025/01/27 12:0 a.m., 27 views

Fedora 40 : glibc (2025-69207650a4)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-69207650a4 advisory. This update addresses two security vulnerabilities: CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program nam...

6.2 CVSS, 6.9 AI score, 0.00349 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2025/01/27 12:0 a.m., 15 views

Fedora 41 : glibc (2025-497995b101)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-497995b101 advisory. This update addresses two security vulnerabilities: CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program nam...

6.2 CVSS, 6.9 AI score, 0.00349 EPSS
Exploits: 0, References: 3
SUSE Linux
added 2025/01/24 7:33 p.m., 2 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc1236251); CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO (bsc1236250); CVE-2025-22150: Fixed insufficiently random...

7.8 CVSS, 7 AI score, 0.01282 EPSS
Exploits: 0, References: 12
SUSE Linux
added 2025/01/24 4:34 p.m., 3 views

Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.6: CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO (bsc1236250); CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc1236258) Patc...

7.4 CVSS, 7.3 AI score, 0.01282 EPSS
Exploits: 0, References: 8
SUSE Linux
added 2025/01/24 4:5 p.m., 5 views

Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.6: CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO (bsc1236250); CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc1236258) Patc...

7.4 CVSS, 6.9 AI score, 0.01282 EPSS
Exploits: 0, References: 8
SUSE Linux
added 2025/01/24 2:33 p.m., 2 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc1236251); CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO (bsc1236250); CVE-2025-22150: Fixed insufficiently random...

7.8 CVSS, 7.1 AI score, 0.01282 EPSS
Exploits: 0, References: 12
RedhatCVE
added 2025/01/23 10:52 p.m., 12 views

CVE-2025-0577

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions. Mitigation: Red Hat Product Security do...

4.8 CVSS, 6.9 AI score, 0.00244 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2025/01/23 3:48 a.m., 3 views

SUSE CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8 CVSS, 6.6 AI score, 0.00736 EPSS
Exploits: 0, References: 15
OSV
added 2025/01/21 9:10 p.m., 2 views

GHSA-C76H-2CCP-4975 Use of Insufficiently Random Values in undici

Impact: Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...

6.8 CVSS, 6.8 AI score, 0.00736 EPSS
Exploits: 0, References: 9
OSV
added 2025/01/21 6:15 p.m., 4 views

AZL-55931 CVE-2025-22150 affecting package nodejs18 for versions less than 18.20.3-3

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8 CVSS, 6.6 AI score, 0.00736 EPSS
Exploits: 0, References: 1
OSV
added 2025/01/21 6:15 p.m., 4 views

AZL-55950 CVE-2025-22150 affecting package nodejs for versions less than 20.14.0-5

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8 CVSS, 6.6 AI score, 0.00736 EPSS
Exploits: 0, References: 1
OSV
added 2025/01/21 6:15 p.m., 1 views

UBUNTU-CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8 CVSS, 6.8 AI score, 0.00736 EPSS
Exploits: 0, References: 9
CNNVD
added 2025/01/21 12:0 a.m., 3 views

undici security feature issue vulnerability

undici is an open-source HTTP/1.1 client for Node.js. A security feature issue vulnerability exists in Undici version 4.5.0, versions prior to 5.28.5, 6.21.1, and 7.2.3, which stems from the use of the predictable Math.random to generate the boundary for multipart/form-data requests, allowing an attacker t...

6.8 CVSS, 6.4 AI score, 0.00736 EPSS
Exploits: 0, References: 9
Positive Technologies
added 2025/01/21 12:0 a.m., 9 views

PT-2025-4384

Name of the Vulnerable Software and Affected Versions: undici versions 4.5.0 through 5.28.4; undici versions 4.5.0 through 6.21.0; undici versions 4.5.0 through 7.2.2. Description: The issue arises from undici using Math.random to choose the boundary for a multipart/form-data request. It is known that...

6.8 CVSS, 6.3 AI score, 0.00736 EPSS
Exploits: 0, References: 128
BDU FSTEC
added 2025/01/13 12:0 a.m., 6 views

The vulnerability of the SSL VPN remote access technology implemented on SonicOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SSL VPN remote access technology implemented on SonicOS operating systems is related to the use of an insecure random number generator program. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...

8.5 CVSS, 7.7 AI score, 0.01003 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/01/07 8:15 p.m., 1 views

DEBIAN-CVE-2025-0218

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-creat...

7.1 CVSS, 5.6 AI score, 0.00171 EPSS
Exploits: 0, References: 1
OSV
added 2025/01/02 5:15 a.m., 3 views

UBUNTU-CVE-2024-56830

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand if no strong randomization module is present...

5.4 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 0, References: 4