45 matches found
Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update
Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...
cyrus-imapd -- unbounded memory allocation
Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34055)
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34055 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...
CVE-2023-34055
creationtimestamp| type| source ---|---|--- 2023-12-17 17:12:21+00:00| seen| https://t.me/ctinow/155643 2023-12-22 00:26:33+00:00| seen| https://t.me/ctinow/158080 2024-02-08 01:26:07+00:00| seen| https://t.me/ctinow/181072 2024-02-08 02:26:15+00:00| seen| https://t.me/ctinow/181106...
VMware Spring Boot 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, 3.1.0 - 3.1.5 DoS Vulnerability
VMware Spring Boot is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
be.vlaanderen.informatievlaanderen.ldes.ldio:ldio-application (=2.12.0), be.vlaanderen.informatievlaanderen.vsds:ldes-fragmentisers (>=1.1.0 <=3.4.0) +1476 more potentially affected by CVE-2023-34055 via org.springframework.boot:spring-boot-actuator (>=3.1.0 <=3.1.5)
org.springframework.boot:spring-boot-actuator MAVEN version =3.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =2.10.0, =1.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.6.0, =3.6.1 - be.vlaanderen.informatievlaanderen...
am.ik.access-logger:access-logger (>=0.1.0 <=0.1.2), cn.herodotus.engine:event-core (=3.0.1.0) +618 more potentially affected by CVE-2023-34055 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.0.12)
org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.0, =0.1.2 - cn.herodotus.engine:event-core =3.0.1.0 - cn.herodotus.engine:event-message-spring-boot-starter =3.0.1.0 - cn.herodotus.engine:event-pay-spring-boot-starter =3.0.1.0 -...
CVE-2023-34055
CVE-2023-34055 concerns denial-of-service in Spring Boot when using Spring MVC/WebFlux and the actuator JAR on the classpath. Affected are Spring Boot versions 2.7.0–2.7.17, 3.0.0–3.0.12, and 3.1.0–3.1.5. The DoS condition arises from specially crafted HTTP requests; exploitation requires the aff...
This Week in Spring - 28 November, 2023
Hi, Spring fans! I hope everyone who celebrated Thanksgiving had a wonderful time. Did you indulge in too much turkey? Anyway, let's jump into this week's edition of This Week in Spring—a particularly special one for a couple of reasons. First, it's our first issue after the launch of Spring Boot...
CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities
Updates 11-27 Blog posts updated to refer to the CVE reports published The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053. The Spring Boot 2.7.18 release shipped on November 23th includes fixes for CVE-2023-34055. Users are encouraged to update as soon ...
Ubuntu: Security Advisory (USN-6108-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6108-1: Jhead vulnerabilities
It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. CVE-2021-34055 Kyle Brown discovered that Jhead did not properly handle certain crafted images while...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Jhead vulnerabilities (USN-6108-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6108-1 advisory. It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could...
Debian DSA-5294-1 : jhead - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5294 advisory. Jhead, a tool for manipulating EXIF data embedded in JPEG images, allowed attackers to execute arbitrary OS commands by placing them in a JPEG filename and then...
[SECURITY] [DLA 3219-1] jhead security update
Debian LTS Advisory DLA-3219-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 04, 2022 https://wiki.debian.org/LTS Package : jhead Version : 1:3.00-8+deb10u1 CVE ID : CVE-2021-34055 CVE-2022-41751 Debian Bug : 1024272 1022028 Jhead, a tool for manipulati...
openSUSE 15 Security Update : jhead (openSUSE-SU-2022:10202-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10202-1 advisory. - jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. CVE-2021-34055 Note that Nessus has not tested for this issue but has...
OPENSUSE-SU-2022:10202-1 Security update for jhead
This update for jhead fixes the following issues: CVE-2021-34055: Fix out of bounds write in ClearOrientation due to unchecked error boo1205167...
Security update for jhead (important)
openSUSE Security Update: Security update for jhead Announcement ID: openSUSE-SU-2022:10202-1 Rating: important References: 1205167 Cross-References: CVE-2021-34055 CVSS scores: CVE-2021-34055 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP4 ...
Security update for jhead (important)
openSUSE Security Update: Security update for jhead Announcement ID: openSUSE-SU-2022:10203-1 Rating: important References: 1205167 Cross-References: CVE-2021-34055 CVSS scores: CVE-2021-34055 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP3 ...
CVE-2021-34055
creationtimestamp| type| source ---|---|--- 2022-11-04 19:45:25+00:00| seen| https://t.me/cibsecurity/52571 2025-05-02 19:16:05+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14560...