Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs22: nodejs22-22.22.0-1.3.hum1 aarch64, x8664 nodejs22-bin-22.22.0-1.3.hum1 noarch nodejs22-devel-22.22.0-1.3.hum1 aarch64, x8664 nodejs22-docs-22.22.0-1.3.hum1 noarch...

cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

Critical: Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

An update for cockpit is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

Critical: Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

An update for cockpit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs20: nodejs20-20.20.0-7.1.hum1 aarch64, x8664 nodejs20-bin-20.20.0-7.1.hum1 noarch nodejs20-devel-20.20.0-7.1.hum1 aarch64, x8664 nodejs20-docs-20.20.0-7.1.hum1 noarch...

cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

Critical: Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

An update for cockpit is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs:...

cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

Critical: Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

An update for cockpit is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs:...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs:...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs:...

Critical: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs:...

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions

A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...

Node.js: Node.js: Information disclosure via timing oracle in HMAC verification

A flaw was found in Node.js. The HMAC Hash-based Message Authentication Code verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurement...

undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression

A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to...

brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion

A flaw was found in the brace-expansion component. This denial of service DoS vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory...

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

undici: undici: Denial of Service via crafted WebSocket frame with large length

A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primar...

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks

A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket UDS server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication IP...

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter

A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid servermaxwindowbits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

Important: Red Hat Security Advisory: nodejs:24 security update

An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames

A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOWUPDATE frames on stream 0 connection-level. These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Sessi...

Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing

A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a malformed Internationalized Domain Name IDN to the url.format function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. Thi...

undici: Undici: HTTP header injection and request smuggling vulnerability

A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the upgrade option of client.request. This is possible because undici does not...

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs:...

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

A flaw was found in NGINX's ngxhttpmp4module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

Important: Red Hat Security Advisory: nginx:1.26 security update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: kea security update

An update for kea is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Kea: Kea: Denial of Service via maliciously crafted message

A flaw was found in Kea. A remote attacker can send a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener. This can cause a stack overflow error, leading to the daemon exiting and resulting in a Denial of...

Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)

Red Hat AI Inference Server 3.2.2 CUDA is now available. Red Hat® AI Inference Server...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs:...

Important: Red Hat Security Advisory: Red Hat Quay 3.14.7

Red Hat Quay 3.14.7 is now available with bug fixes. Quay 3.14.7...