380 matches found
PT-2024-36737 · Altair · Altair
Name of the Vulnerable Software and Affected Versions: Altair versions prior to v12.24Q4.1 Description: The issue is related to a lack of validation and authentication in the image proxy for compressing and resizing remote files, which could allow attacks affecting availability. This could result...
Allocation of Resources Without Limits or Throttling
Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the multipart/form-data, when line breaks: CR \r or LF \n in front of the first boundary and any tailing bytes...
Denial of service (DoS) via deformation `multipart/form-data` boundary
Summary When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could...
CVE-2024-53981
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...
CVE-2024-53981 python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...
CVE-2024-53981 python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...
Multiple Siemens Products Log Output Medium and Error Vulnerabilities
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 are industrial routers. A log output neutralization error vulnerability exists in multiple Siemens products, which can be exploited by an attacker to send spam to the openvpn logs, causing a high CPU load...
SUSE CVE-2024-44988
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSAMAXPORTS the size of mv88e6xxxchip.ports array...
UBUNTU-CVE-2024-44988
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSAMAXPORTS the size of mv88e6xxxchip.ports array...
CVE-2024-44988 net: dsa: mv88e6xxx: Fix out-of-bound access
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSAMAXPORTS the size of mv88e6xxxchip.ports array...
CVE-2024-44988 net: dsa: mv88e6xxx: Fix out-of-bound access
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSAMAXPORTS the size of mv88e6xxxchip.ports array...
Amazon Linux 2 : bind (ALAS-2024-2625)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2625 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problem...
Important: bind
Issue Overview: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This...
Fedora 39 : bind / bind-dyndb-ldap (2024-ef8a7031e7)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-ef8a7031e7 advisory. Update to BIND 9.18.28 Security Fixes - A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to...
SUSE-SU-2024:2863-1 Security update for bind
This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. Using rndc flush inadvertently caused...
CBL Mariner 2.0 Security Update: bind (CVE-2023-4408)
The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4408 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does...
bind and dhcp security update
An update is available for dhcp, bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain BIND is an implementation of the Domain...
RLSA-2024:3271 Important: bind and dhcp security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...
Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. bind9: Parsing large DNS messages may cause excessive CPU load CVE-2023-4408 bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387...
Important: Red Hat Security Advisory: bind, bind-dyndb-ldap, and dhcp security update
An update for bind, bind-dyndb-ldap, and dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...