EulerOS Virtualization 2.10.0 : mod_http2 (EulerOS-SA-2024-2123)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2024-2125)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impac...

EulerOS Virtualization 2.10.0 : sssd (EulerOS-SA-2024-2129)

According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to...

EulerOS Virtualization 2.10.1 : less (EulerOS-SA-2024-2141)

According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE.CVE-2022-48624 less through 653 allows OS command...

EulerOS Virtualization 2.10.1 : glibc (EulerOS-SA-2024-2137)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when...

EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2024-2138)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems lik...

EulerOS Virtualization 2.10.0 : libxml2 (EulerOS-SA-2024-2122)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used...

EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2024-2147)

According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

EulerOS Virtualization 2.10.1 : emacs (EulerOS-SA-2024-2135)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.CVE-2024-30204 In Emacs before 29.3, Org mode...

EulerOS Virtualization 2.10.1 : sssd (EulerOS-SA-2024-2149)

According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to...

EulerOS Virtualization 2.10.0 : python-jinja2 (EulerOS-SA-2024-2127)

According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

EulerOS Virtualization 2.10.0 : libvirt (EulerOS-SA-2024-2133)

According to the versions of the libvirt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoo...

EulerOS Virtualization 2.10.1 : tpm2-tss (EulerOS-SA-2024-2151)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the...

EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2024-2124)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps...

EulerOS Virtualization 2.10.1 : systemd (EulerOS-SA-2024-2150)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denia...

EulerOS Virtualization 2.10.0 : python-pillow (EulerOS-SA-2024-2128)

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.CVE-2024-28219...

EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2024-2139)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...

EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2024-2152)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. Wh...

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-2134)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

EulerOS Virtualization 2.10.0 : gnutls (EulerOS-SA-2024-2118)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems lik...