Lucene search
K

279 matches found

ubuntucve
ubuntucve
added 2024/04/04 12:0 a.m.50 views

CVE-2024-28182

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

5.3CVSS7AI score0.8496EPSS
Exploits1References5
nvd
nvd
added 2024/04/03 10:15 p.m.38 views

CVE-2024-28870

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in ale...

7.5CVSS7.6AI score0.00586EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2024/04/03 10:15 p.m.27 views

CVE-2024-28870

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in ale...

7.5CVSS6.9AI score0.00586EPSS
Exploits0References4
osv
osv
added 2024/04/03 9:13 p.m.14 views

CVE-2024-28870 Suricata uses excessive resource use in malformed ssh traffic parsing

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in ale...

7.5CVSS7.3AI score0.00586EPSS
Exploits0References3
veracode
veracode
added 2024/03/25 1:36 p.m.52 views

Denial Of Service (DoS)

node-tar is vulnerable to Denial of service DoS. The vulnerability is caused due to lack of validation on the number of folders created during the folder creation process.This allows an attackers to consume excessive CPU and memory resources, potentially causing the system to become unresponsive ...

6.5CVSS6.7AI score0.00929EPSS
Exploits1References4Affected Software1
amazon
amazon
added 2024/03/05 12:0 a.m.19 views

Important: bind

Issue Overview: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This...

7.5CVSS8AI score0.99995EPSS
Exploits1
openvas
openvas
added 2024/03/04 12:0 a.m.17 views

openSUSE: Security Advisory for python39 (SUSE-SU-2023:0202-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.7AI score0.02617EPSS
Exploits1References2
nessus
nessus
added 2024/02/29 12:0 a.m.52 views

CentOS 9 : buildah-1.30.0-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the buildah-1.30.0-2.el9 build changelog. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

9.8CVSS7.5AI score0.04561EPSS
Exploits1References11
nessus
nessus
added 2024/02/26 12:0 a.m.41 views

Fedora 38 : bind9-next (2024-c36c448396)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c36c448396 advisory. Security Fixes - Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load, leading to a denial-of-service...

7.5CVSS7AI score0.99995EPSS
Exploits1References6
nessus
nessus
added 2024/02/23 12:0 a.m.59 views

SUSE SLES15 Security Update : bind (SUSE-SU-2024:0590-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0590-1 advisory. Update to release 9.16.48: Feature Changes: The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and...

7.5CVSS7.1AI score0.99995EPSS
Exploits1References19
openvas
openvas
added 2024/02/14 12:0 a.m.34 views

ISC BIND DoS Vulnerability (CVE-2023-4408) - Linux

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

7.5CVSS7.4AI score0.01327EPSS
Exploits0References1
osv
osv
added 2024/02/13 2:15 p.m.35 views

CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

7.5CVSS7AI score0.01327EPSS
Exploits0References7
prion
prion
added 2024/02/13 2:15 p.m.36 views

Design/Logic Flaw

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

5CVSS7.6AI score0.01327EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2024/02/13 2:5 p.m.14 views

CVE-2023-5680 Cleaning an ECS-enabled cache may cause excessive CPU load

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...

5.3CVSS6.5AI score0.00624EPSS
Exploits0References2
cvelist
cvelist
added 2024/02/13 2:5 p.m.42 views

CVE-2023-5680 Cleaning an ECS-enabled cache may cause excessive CPU load

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...

5.3CVSS5.4AI score0.00624EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2024/02/13 2:4 p.m.49 views

CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

7.5CVSS7.5AI score0.01327EPSS
Exploits0
debiancve
debiancve
added 2024/02/13 2:4 p.m.58 views

CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

7.5CVSS6.6AI score0.01327EPSS
Exploits0
ubuntucve
ubuntucve
added 2024/02/13 12:0 a.m.42 views

CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

7.5CVSS6.7AI score0.01327EPSS
Exploits0References4
openvas
openvas
added 2024/02/09 12:0 a.m.37 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1140)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.6AI score0.99999EPSS
Exploits19References4
redhatcve
redhatcve
added 2024/01/28 9:52 a.m.56 views

CVE-2023-52340

A flaw in the routing table size was found in the ICMPv6 handling of "Packet Too Big". The size of the routing table is regulated by periodic garbage collection. However, with "Packet Too Big Messages" it is possible to exceed the routing table size and garbage collector threshold. A user located...

6.5CVSS5.7AI score0.0094EPSS
Exploits0References5
Rows per page
Query Builder