Lucene search
+L

45 matches found

redhat
redhat
added 2024/05/23 10:45 p.m.98 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update

Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

9.3CVSS6.6AI score0.8581EPSS
Exploits9References16
freebsd
freebsd
added 2024/04/30 12:0 a.m.21 views

cyrus-imapd -- unbounded memory allocation

Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...

6.5CVSS7.2AI score0.00836EPSS
Exploits0References1
ibm
ibm
added 2024/02/13 2:49 p.m.29 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34055)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34055 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

6.5CVSS6.4AI score0.01219EPSS
Exploits0Affected Software1
circl
circl
added 2023/12/17 5:12 p.m.5 views

CVE-2023-34055

creationtimestamp| type| source ---|---|--- 2023-12-17 17:12:21+00:00| seen| https://t.me/ctinow/155643 2023-12-22 00:26:33+00:00| seen| https://t.me/ctinow/158080 2024-02-08 01:26:07+00:00| seen| https://t.me/ctinow/181072 2024-02-08 02:26:15+00:00| seen| https://t.me/ctinow/181106...

6.5CVSS6.9AI score0.01219EPSS
Exploits0References4
openvas
openvas
added 2023/11/30 12:0 a.m.25 views

VMware Spring Boot 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, 3.1.0 - 3.1.5 DoS Vulnerability

VMware Spring Boot is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7AI score0.01219EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2023/11/28 9:30 a.m.5 views

be.vlaanderen.informatievlaanderen.ldes.ldio:ldio-application (=2.12.0), be.vlaanderen.informatievlaanderen.vsds:ldes-fragmentisers (>=1.1.0 <=3.4.0) +1476 more potentially affected by CVE-2023-34055 via org.springframework.boot:spring-boot-actuator (>=3.1.0 <=3.1.5)

org.springframework.boot:spring-boot-actuator MAVEN version =3.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =2.10.0, =1.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.6.0, =3.6.1 - be.vlaanderen.informatievlaanderen...

6.5CVSS6.8AI score0.01219EPSS
Exploits0
vulnersosv
vulnersosv
added 2023/11/28 9:30 a.m.4 views

am.ik.access-logger:access-logger (>=0.1.0 <=0.1.2), cn.herodotus.engine:event-core (=3.0.1.0) +618 more potentially affected by CVE-2023-34055 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.0.12)

org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.0, =0.1.2 - cn.herodotus.engine:event-core =3.0.1.0 - cn.herodotus.engine:event-message-spring-boot-starter =3.0.1.0 - cn.herodotus.engine:event-pay-spring-boot-starter =3.0.1.0 -...

6.5CVSS6.9AI score0.01219EPSS
Exploits0
cve
cve
added 2023/11/28 8:27 a.m.170 views

CVE-2023-34055

CVE-2023-34055 concerns denial-of-service in Spring Boot when using Spring MVC/WebFlux and the actuator JAR on the classpath. Affected are Spring Boot versions 2.7.0–2.7.17, 3.0.0–3.0.12, and 3.1.0–3.1.5. The DoS condition arises from specially crafted HTTP requests; exploitation requires the aff...

6.5CVSS6.2AI score0.01219EPSS
Exploits0References2Affected Software1
spring
spring
added 2023/11/28 12:0 a.m.41 views

This Week in Spring - 28 November, 2023

Hi, Spring fans! I hope everyone who celebrated Thanksgiving had a wonderful time. Did you indulge in too much turkey? Anyway, let's jump into this week's edition of This Week in Spring—a particularly special one for a couple of reasons. First, it's our first issue after the launch of Spring Boot...

5CVSS5.1AI score0.01219EPSS
Exploits0
spring
spring
added 2023/11/27 12:0 a.m.246 views

CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities

Updates 11-27 Blog posts updated to refer to the CVE reports published The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053. The Spring Boot 2.7.18 release shipped on November 23th includes fixes for CVE-2023-34055. Users are encouraged to update as soon ...

5CVSS7.2AI score0.01219EPSS
Exploits0
openvas
openvas
added 2023/05/26 12:0 a.m.16 views

Ubuntu: Security Advisory (USN-6108-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.00444EPSS
Exploits2References2
ubuntu
ubuntu
added 2023/05/25 7:48 a.m.50 views

USN-6108-1: Jhead vulnerabilities

It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. CVE-2021-34055 Kyle Brown discovered that Jhead did not properly handle certain crafted images while...

7.8CVSS7.7AI score0.00444EPSS
Exploits2
nessus
nessus
added 2023/05/25 12:0 a.m.24 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Jhead vulnerabilities (USN-6108-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6108-1 advisory. It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could...

7.8CVSS7.8AI score0.00444EPSS
Exploits2References3
nessus
nessus
added 2022/12/05 12:0 a.m.29 views

Debian DSA-5294-1 : jhead - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5294 advisory. Jhead, a tool for manipulating EXIF data embedded in JPEG images, allowed attackers to execute arbitrary OS commands by placing them in a JPEG filename and then...

7.8CVSS7.8AI score0.00444EPSS
Exploits2References8
debian
debian
added 2022/12/04 1:33 p.m.58 views

[SECURITY] [DLA 3219-1] jhead security update

Debian LTS Advisory DLA-3219-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 04, 2022 https://wiki.debian.org/LTS Package : jhead Version : 1:3.00-8+deb10u1 CVE ID : CVE-2021-34055 CVE-2022-41751 Debian Bug : 1024272 1022028 Jhead, a tool for manipulati...

7.8CVSS7.4AI score0.00444EPSS
Exploits2
nessus
nessus
added 2022/11/15 12:0 a.m.26 views

openSUSE 15 Security Update : jhead (openSUSE-SU-2022:10202-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10202-1 advisory. - jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. CVE-2021-34055 Note that Nessus has not tested for this issue but has...

7.8CVSS7.3AI score0.00422EPSS
Exploits1References4
osv
osv
added 2022/11/14 4:22 p.m.4 views

OPENSUSE-SU-2022:10202-1 Security update for jhead

This update for jhead fixes the following issues: CVE-2021-34055: Fix out of bounds write in ClearOrientation due to unchecked error boo1205167...

7.8CVSS7.6AI score0.00422EPSS
Exploits1References3
opensuse
opensuse
added 2022/11/14 12:0 a.m.3 views

Security update for jhead (important)

openSUSE Security Update: Security update for jhead Announcement ID: openSUSE-SU-2022:10202-1 Rating: important References: 1205167 Cross-References: CVE-2021-34055 CVSS scores: CVE-2021-34055 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP4 ...

7.8CVSS7.3AI score0.00422EPSS
Exploits1References1
opensuse
opensuse
added 2022/11/14 12:0 a.m.3 views

Security update for jhead (important)

openSUSE Security Update: Security update for jhead Announcement ID: openSUSE-SU-2022:10203-1 Rating: important References: 1205167 Cross-References: CVE-2021-34055 CVSS scores: CVE-2021-34055 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP3 ...

7.8CVSS7.3AI score0.00422EPSS
Exploits1References1
circl
circl
added 2022/11/04 7:45 p.m.6 views

CVE-2021-34055

creationtimestamp| type| source ---|---|--- 2022-11-04 19:45:25+00:00| seen| https://t.me/cibsecurity/52571 2025-05-02 19:16:05+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14560...

7.8CVSS7.4AI score0.00422EPSS
Exploits1References2
Rows per page
Query Builder