Lucene search
+L

268 matches found

Tenable Nessus
Tenable Nessus
added 2023/08/23 12:0 a.m.24 views

Amazon Linux 2 : nerdctl (ALAS-2023-2210)

The version of nerdctl installed on the remote host is prior to 1.1.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2210 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a...

5.3CVSS7AI score0.01328EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/08/23 12:0 a.m.21 views

Amazon Linux 2 : containerd (ALASDOCKER-2023-027)

The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2023-027 advisory. 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can...

5.3CVSS7AI score0.01328EPSS
Exploits0References4
Amazon
Amazon
added 2023/08/21 12:0 a.m.72 views

Medium: golang

Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...

5.3CVSS7.2AI score0.01328EPSS
Exploits0
Amazon
Amazon
added 2023/08/21 12:0 a.m.61 views

Important: cni-plugins

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS7.1AI score0.01453EPSS
Exploits0
NVD
NVD
added 2023/08/02 8:15 p.m.50 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS6.7AI score0.01328EPSS
Exploits0References6
Prion
Prion
added 2023/08/02 8:15 p.m.36 views

Code injection

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5CVSS6.3AI score0.01328EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2023/08/02 7:47 p.m.63 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS7.1AI score0.01328EPSS
Exploits0
CVE
CVE
added 2023/08/02 7:47 p.m.588 views

CVE-2023-29409

CVE-2023-29409 affects the Go language runtime/package (golang) across multiple distributions. The issue arises from extremely large RSA keys in certificate chains causing excessive signature verification CPU usage; the fix restricts RSA key sizes in handshakes to 8192 bits. Public advisories ind...

5.3CVSS6.9AI score0.01328EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/08/02 7:47 p.m.37 views

CVE-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS6.7AI score0.01328EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2023/08/02 12:0 a.m.43 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS6.8AI score0.01328EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/03/31 12:0 a.m.27 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1693-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1693-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart...

7.5CVSS6.8AI score0.0142EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.29 views

SUSE SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1664-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1664-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will...

7.5CVSS6.9AI score0.0142EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2023-0086)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.3AI score0.59706EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/03/14 12:0 a.m.30 views

Debian: Security Advisory (DLA-3361-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.3AI score0.59706EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/03/11 12:0 a.m.35 views

Fedora 38 : redis (2023-b0768fba7b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b0768fba7b advisory. Redis 7.0.9 - Released Tue Feb 28 12:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-25155...

6.5CVSS7.1AI score0.59706EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/03/01 4:15 p.m.53 views

CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

5.5CVSS6.3AI score0.59706EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2023/02/28 12:0 a.m.44 views

redis -- multiple vulnerabilities

The Redis core team reports: CVE-2023-25155 Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. CVE-2022-36021 String matching commands like SCAN or KEYS with a specially...

6.5CVSS6AI score0.59706EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.40 views

K25075696: Oracle Java vulnerability CVE-2016-3500

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. CVE-2016-3500 Impact An attacker...

5.3CVSS7.3AI score0.04797EPSS
Exploits0Affected Software24
Github Security Blog
Github Security Blog
added 2023/02/15 3:36 p.m.48 views

High resource usage when parsing multipart form data with many fields

Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form,...

7.5CVSS7.2AI score0.0142EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2023/02/15 3:15 p.m.18 views

Design/Logic Flaw

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

5CVSS7.5AI score0.01004EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder