Lucene search
K

380 matches found

Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.4 views

PT-2024-36737 · Altair · Altair

Name of the Vulnerable Software and Affected Versions: Altair versions prior to v12.24Q4.1 Description: The issue is related to a lack of validation and authentication in the image proxy for compressing and resizing remote files, which could allow attacks affecting availability. This could result...

8.6CVSS7.5AI score0.00579EPSS
Exploits0References9
Snyk
Snyk
added 2024/12/02 9:37 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the multipart/form-data, when line breaks: CR \r or LF \n in front of the first boundary and any tailing bytes...

8.7CVSS6.9AI score0.00644EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/02 9:37 p.m.20 views

Denial of service (DoS) via deformation `multipart/form-data` boundary

Summary When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could...

7.5CVSS6.8AI score0.00644EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/12/02 4:15 p.m.14 views

CVE-2024-53981

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...

7.5CVSS0.00644EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/02 3:57 p.m.17 views

CVE-2024-53981 python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...

7.5CVSS0.00644EPSS
Exploits0References2
OSV
OSV
added 2024/12/02 3:57 p.m.8 views

CVE-2024-53981 python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...

7.5CVSS7.4AI score0.00644EPSS
Exploits0References4
CNVD
CNVD
added 2024/11/13 12:0 a.m.34 views

Multiple Siemens Products Log Output Medium and Error Vulnerabilities

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 are industrial routers. A log output neutralization error vulnerability exists in multiple Siemens products, which can be exploited by an attacker to send spam to the openvpn logs, causing a high CPU load...

9.1CVSS6.3AI score0.00819EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/09/05 2:46 a.m.7 views

SUSE CVE-2024-44988

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSAMAXPORTS the size of mv88e6xxxchip.ports array...

5.5CVSS6.4AI score0.00237EPSS
Exploits0References14
OSV
OSV
added 2024/09/04 8:15 p.m.4 views

UBUNTU-CVE-2024-44988

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSAMAXPORTS the size of mv88e6xxxchip.ports array...

5.5CVSS6.2AI score0.00237EPSS
Exploits0References26
Cvelist
Cvelist
added 2024/09/04 7:54 p.m.23 views

CVE-2024-44988 net: dsa: mv88e6xxx: Fix out-of-bound access

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSAMAXPORTS the size of mv88e6xxxchip.ports array...

0.00237EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/09/04 7:54 p.m.17 views

CVE-2024-44988 net: dsa: mv88e6xxx: Fix out-of-bound access

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSAMAXPORTS the size of mv88e6xxxchip.ports array...

7AI score0.00237EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/08/21 12:0 a.m.32 views

Amazon Linux 2 : bind (ALAS-2024-2625)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2625 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problem...

7.5CVSS6.4AI score0.01327EPSS
Exploits0References4
Amazon
Amazon
added 2024/08/20 12:0 a.m.27 views

Important: bind

Issue Overview: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This...

7.5CVSS8AI score0.01327EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/17 12:0 a.m.19 views

Fedora 39 : bind / bind-dyndb-ldap (2024-ef8a7031e7)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-ef8a7031e7 advisory. Update to BIND 9.18.28 Security Fixes - A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to...

7.5CVSS7.8AI score0.0468EPSS
Exploits0References5
OSV
OSV
added 2024/08/09 7:21 a.m.21 views

SUSE-SU-2024:2863-1 Security update for bind

This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. Using rndc flush inadvertently caused...

7.5CVSS7.8AI score0.02114EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.29 views

CBL Mariner 2.0 Security Update: bind (CVE-2023-4408)

The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4408 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does...

7.5CVSS6.4AI score0.01327EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2024/06/14 1:59 p.m.54 views

bind and dhcp security update

An update is available for dhcp, bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain BIND is an implementation of the Domain...

7.5CVSS7.8AI score0.99995EPSS
Exploits1
OSV
OSV
added 2024/06/14 1:59 p.m.72 views

RLSA-2024:3271 Important: bind and dhcp security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...

7.5CVSS8.3AI score0.99995EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/06/14 12:0 a.m.48 views

Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. bind9: Parsing large DNS messages may cause excessive CPU load CVE-2023-4408 bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387...

7.5CVSS7.1AI score0.99995EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/06/10 8:16 a.m.88 views

Important: Red Hat Security Advisory: bind, bind-dyndb-ldap, and dhcp security update

An update for bind, bind-dyndb-ldap, and dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS7AI score0.99995EPSS
Exploits1References4
Rows per page
Query Builder