12253 matches found
SUSE SLES15 Security Update : kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:0163-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0163-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.150 fixes various security issues The following security issues were fixed: ...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
ALPINE-CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
UBUNTU-CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
SUSE-SU-2026:0191-1 Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes various security issues The following security issues were fixed: - CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. - CVE-2022-50327: ACPI: processor: idle:...
CVE-2026-21636
CVE-2026-21636 describes a security flaw in Node.js’s Permissions model where Unix Domain Socket (UDS) connections can bypass network restrictions even when --allow-net is not enabled. Attacker-controlled inputs (e.g., URLs or socketPath) could reach arbitrary local sockets via net, tls, or undic...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
CVE-2025-59465
CVE-2025-59465 is observed affecting Node.js packages across multiple Amazon Linux and Fedora advisories. The issue concerns Node.js HTTP/2 server handling of malformed HEADERS frames with oversized HPACK data, leading to a crash via an unhandled TLSSocket error (ECONNRESET) and remote DoS. Affec...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
SUSE-SU-2026:0187-1 Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50409: net: If sock is dead don't access sock's skwq i...
SUSE-SU-2026:0186-1 Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.116 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50409: net: If sock is dead don't access sock's skwq i...
MiracleLinux 8 : targetcli-2.1.51-4.el8 (AXSA:2020-296:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-296:01 advisory. targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands CVE-2020-10699 Tenable has extracted the preceding description...
MiracleLinux 9 : device-mapper-multipath-0.8.7-7.el9.1 (AXSA:2022-4131:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4131:06 advisory. device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket CVE-2022-41974 Tenable has extract...
MiracleLinux 7 : httpd-2.4.6-97.2.0.1.el7.AXS7 (AXSA:2021-2543:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2543:02 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Bug Fixes: proxy rewrite to unix socket fails with...