70 matches found
Security update for qemu
This update for qemu fixes the following issues: CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure bsc1229007 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
SUSE-SU-2025:02530-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure bsc1229007...
CVE-2025-38459
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clippush. syzbot reported the splat below. 0 This happens if we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push, and the second call copies ...
K000151779: Node.js vulnerabilities CVE-2025-23083 and CVE-2025-23085
Security Advisory Description CVE-2025-23083 With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be...
BIT-NODE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
BIT-NODE-MIN-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
CVE-2025-23085
CVE-2025-23085 describes a memory leak in Node.js HTTP/2 server handling that can occur when a remote peer closes the socket without GOAWAY, or when nghttp2 terminates a connection due to an invalid header. The resulting leak can increase memory usage and, under certain conditions, enable denial ...
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...
PT-2025-4815
Name of the Vulnerable Software and Affected Versions Node.js versions 18.x through 23.x Description A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to...
PT-2025-36264
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free UAF vulnerability exists in the net/smc module of the Linux kernel. The issue occurs because newclcsock-sk can become NULL after smc listen out connected releases the...
CVE-2024-56664 bpf, sockmap: Fix race between element replace and close()
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close Element replace with a socket different from the one stored may race with socket's close link popping & unlinking. sockmapdelete unconditionally unrefs the wrong element: /...
Security update for qemu
This update for qemu fixes the following issues: CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure bsc1229007 CVE-2024-8354: Fixed assertion failure in usbepget in usb bsc1230834 CVE-2024-8612: Fixed information leak in virtio devices...
Astra Linux – Vulnerability in Python 3.11
A vulnerability was discovered in Python before version 3.8.18, 3.9.x before version 3.9.18, 3.10.x before version 3.10.13, and 3.11.x before version 3.11.5. This vulnerability primarily affects servers such as HTTP servers that use TLS client authentication. When a TLS server-side socket is...
QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...
Node.js: GOAWAY HTTP/2 frames cause memory leak outside heap
A memory leak could occur when a remote peer abruptly closed the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could have led to increased memory...
QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...
QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...
QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...