114 matches found
CVE-2025-23165
In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...
CVE-2025-23122
Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23165...
[SECURITY] Fedora 41 Update: rust-write16-1.0.0-1.fc41
A UTF-16 analog of the Write trait...
[SECURITY] Fedora 41 Update: rust-utf16_iter-1.0.5-1.fc41
Iterator by char over potentially-invalid UTF-16 in &u16...
[SECURITY] Fedora 40 Update: rust-utf16_iter-1.0.5-1.fc40
Iterator by char over potentially-invalid UTF-16 in &u16...
[SECURITY] Fedora 40 Update: rust-write16-1.0.0-1.fc40
A UTF-16 analog of the Write trait...
[SECURITY] Fedora 42 Update: rust-write16-1.0.0-1.fc42
A UTF-16 analog of the Write trait...
[SECURITY] Fedora 42 Update: rust-utf16_iter-1.0.5-1.fc42
Iterator by char over potentially-invalid UTF-16 in &u16...
Node.js: Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string.
In Node.js, the ReadFileUtf8 internal binding was found to have a memory leak due to a corrupted pointer in uvfss.file. A UTF-16 path buffer was allocated and subsequently overwritten when the file descriptor was set, leading to an unrecoverable memory leak on every call...
RHEL 8 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic implementations of P-521 and P-384 elliptic curves allow for denial of service...
RHEL 7 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go: encoding/xml: XML element instability CVE-2020-29511 - The x/text package before 0.3.3 for Go has a...
RHEL 8 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: Command-line arguments may overwrite global data CVE-2021-38297 - In archive/zip in Go before...
RHEL 7 : golang.org_x_text (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...
RHEL 8 : golang.org_x_text (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag CVE-2020-28852 - The...
Fedora 40 : clamav (2024-34474f346b)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-34474f346b advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...
Fedora 38 : clamav (2024-92b8ac25a5)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-92b8ac25a5 advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...
Fedora 39 : clamav (2024-1a79c2ef63)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1a79c2ef63 advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 - Openfire Authentication Bypass This reposito...
Rocky Linux 8 : container-tools:rhel8 (RLSA-2020:4694)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4694 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters...
Oracle Linux 8 : container-tools:ol8 (ELSA-2020-4694)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4694 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes cluster...