rpm package
opensuse/bind&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-43138 | — | | | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Apr 6, 2022 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. |
| CVE-2021-25220 | — | | | < 9.16.31-150400.5.6.1 | 9.16.31-150400.5.6.1 | Mar 23, 2022 | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have |
| CVE-2022-0396 | — | | | < 9.16.31-150400.5.6.1 | 9.16.31-150400.5.6.1 | Mar 23, 2022 | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has termina |
| CVE-2022-0155 | — | | | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Jan 10, 2022 | follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor |
| CVE-2021-3918 | — | | | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Nov 13, 2021 | json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
| CVE-2021-25219 | — | | | < 9.16.31-150400.5.6.1 | 9.16.31-150400.5.6.1 | Oct 27, 2021 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a |
| CVE-2021-3807 | — | | | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Sep 17, 2021 | ansi-regex is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2020-7753 | — | | | < 9.16.6-150000.12.65.1 | 9.16.6-150000.12.65.1 | Oct 27, 2020 | All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). |