Lucene search
K

160 matches found

BDU FSTEC
BDU FSTEC
added 2021/09/08 12:0 a.m.5 views

The vulnerability of the Eventlet network library in Python software relates to uncontrolled resource consumption, allowing a hacker to perform a denial-of-service attack.

The vulnerability of the Eventlet web library in Python software relates to an uncontrolled resource consumption when processing large web socket messages. Exploiting this vulnerability could allow a malicious actor to perform a denial-of-service attack by sending compressed message data...

5.3CVSS6.5AI score0.01807EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2021/07/27 10:36 p.m.2 views

python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS

A flaw was found in eventlet. If an unauthenticated user manages to send large websocket frames or highly compressed data frames that can lead to memory exhaustion. An attacker could use this flaw to cause a denial of service DoS...

5.3CVSS7.3AI score0.01807EPSS
Exploits0References4
OSV
OSV
added 2021/06/18 7:24 p.m.9 views

MGASA-2021-0266 Updated python-eventlet packages fix security vulnerability

Updated python-eventlet packages fix a security vulnerability: Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data...

5.3CVSS5.5AI score0.01807EPSS
Exploits0References4
Mageia
Mageia
added 2021/06/18 7:24 p.m.35 views

Updated python-eventlet packages fix security vulnerability

Updated python-eventlet packages fix a security vulnerability: Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data...

5.3CVSS1.2AI score0.01807EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/05/27 12:0 a.m.18 views

Fedora: Security Advisory for python-eventlet (FEDORA-2021-9fde3d7ab1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.3CVSS5.4AI score0.01807EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/05/27 12:0 a.m.14 views

Fedora: Security Advisory for python-eventlet (FEDORA-2021-d5915c247b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.3CVSS5.4AI score0.01807EPSS
Exploits0References2
Fedora
Fedora
added 2021/05/25 1:10 a.m.48 views

[SECURITY] Fedora 33 Update: python-eventlet-0.31.0-1.fc33

Eventlet is a networking library written in Python. It achieves high scalability by using non-blocking io while at the same time retaining high programmer usability by using coroutines to make the non-blocking io operations appear blocking at the source code level...

5CVSS1.2AI score0.01807EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/05/19 12:0 a.m.15 views

Ubuntu: Security Advisory (USN-4956-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.8AI score0.01807EPSS
Exploits0References2
OSV
OSV
added 2021/05/17 1:32 p.m.5 views

USN-4956-1 python-eventlet vulnerability

It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...

5.3CVSS6.8AI score0.01807EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2021/05/17 1:32 p.m.119 views

USN-4956-1: Eventlet vulnerability

It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...

5.3CVSS6.7AI score0.01807EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/05/17 12:0 a.m.37 views

Ubuntu 20.04 LTS : Eventlet vulnerability (USN-4956-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4956-1 advisory. It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. Tenable has extracte...

5.3CVSS6.7AI score0.01807EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/05/11 8:54 p.m.44 views

CVE-2021-21419

A flaw was found in eventlet. If an unauthenticated user manages to send large websocket frames or highly compressed data frames that can lead to memory exhaustion. An attacker could use this flaw to cause a denial of service DoS...

5.3CVSS2AI score0.01807EPSS
Exploits0References3
Veracode
Veracode
added 2021/05/10 2:49 a.m.27 views

Denial Of Service (DoS)

eventlet is vulnerable to denial of service. The vulnerability exists as the size of websocket frame is not restricted, leading to a machine exhaustion when an attacker sends a huge websocket frames...

5.3CVSS2AI score0.01807EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2021/05/07 3:50 p.m.37 views

GHSA-9P9M-JM8W-94P2 Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Impact A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. Patches Version 0.31.0 restricts websocket frame to reasonable limits. Workarounds Restricting memory usa...

6.9CVSS5.4AI score0.01807EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2021/05/07 3:50 p.m.6 views

aimmo (>=0.61.9 <=0.69.8b430), alexander-fw (>=0.4.0 <=0.4.1) +85 more potentially affected by CVE-2021-21419 via eventlet (>=0.19.0 <=0.30.3)

eventlet PYPI version =0.19.0, =0.61.9, =0.4.0, =0.6.7.post3, =1.0.12, =0.1.3, =0.1.0, =4.15.0, =0.1.1.dev0, =0.1.0, =0.3.6, =0.3.7 and more Source cves: CVE-2021-21419 Source advisory: OSV:GHSA-9P9M-JM8W-94P2...

5.3CVSS6.7AI score0.01807EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/05/07 3:50 p.m.47 views

Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Impact A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. Patches Version 0.31.0 restricts websocket frame to reasonable limits. Workarounds Restricting memory usa...

5.3CVSS1.5AI score0.01807EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2021/05/07 3:15 p.m.32 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

5.3CVSS5.1AI score
Exploits0References3
OSV
OSV
added 2021/05/07 3:15 p.m.1 views

DEBIAN-CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

5.3CVSS6.6AI score0.01807EPSS
Exploits0References1
NVD
NVD
added 2021/05/07 3:15 p.m.22 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

5.3CVSS0.01807EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/05/07 3:15 p.m.39 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

5.3CVSS6.8AI score0.01807EPSS
Exploits0References2
Rows per page
Query Builder