11152 matches found

Positive Technologies
added 2024/06/17 12:0 a.m. · 6 views

PT-2024-37355 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master. Description: A problematic issue has been found, affecting the isoffin_process function of the src/filters/isoffin_read.c file in the MP4Box component. This issue leads to an infinite loop. The...

CVSS 5.5 · AI score 4.4 · EPSS 0.00351
Exploits 1 · References 15

CNNVD
added 2024/06/17 12:0 a.m. · 5 views

GPAC Security Vulnerabilities

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.5-DEV-rev228-g11067ea92-master. An attacker exploited the vulnerability to cause an infinite loop in the application...

CVSS 5.5 · AI score 6.7 · EPSS 0.00351
Exploits 1 · References 7

Tenable Nessus
added 2024/06/15 12:0 a.m. · 20 views

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2031-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated...

CVSS 8.3 · AI score 7.1 · EPSS 0.01279
Exploits 0 · References 7

OSV
added 2024/06/14 1:59 p.m. · 21 views

RLSA-2024:3049 Moderate: perl-Convert-ASN1 security update

Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fixes: perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

CVSS 7.5 · AI score 7.3 · EPSS 0.04158
Exploits 1 · References 2

Rockylinux
added 2024/06/14 1:59 p.m. · 24 views

perl-Convert-ASN1 security update

An update is available for perl-Convert-ASN1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Convert::ASN1 encodes and decodes ASN.1 data structures using BER/D...

CVSS 7.5 · AI score 6.7 · EPSS 0.04158
Exploits 1

RedhatCVE
added 2024/06/14 2:12 a.m. · 18 views

CVE-2024-32976

A flaw was found in Envoy's Brotli decompressor. This flaw allows a remote, unauthenticated attacker to trigger an infinite loop, causing a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.00674
Exploits 1 · References 4

Tenable Nessus
added 2024/06/14 12:0 a.m. · 34 views

Fortinet FortiClient in OpenSSL library (FG-IR-22-059)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for...

CVSS 7.5 · AI score 6.9 · EPSS 0.70561
Exploits 2 · References 4

NVD
added 2024/06/13 8:15 p.m. · 23 views

CVE-2024-5949

Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit th...

CVSS 6.5 · EPSS 0.0058
Exploits 0 · References 1

Cvelist
added 2024/06/13 7:40 p.m. · 28 views

CVE-2024-5949 Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability

Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit th...

CVSS 4.3 · EPSS 0.0058
Exploits 0 · References 1

CVE
added 2024/06/13 7:40 p.m. · 58 views

CVE-2024-5949

CVE-2024-5949 affects Deep Sea Electronics DSE855 devices. The flaw is in the handling of multipart boundaries, caused by a logic error that can trigger an infinite loop, enabling network-adjacent attackers to perform a denial-of-service. Authentication is not required. The available connected so...

CVSS 6.5 · AI score 4.6 · EPSS 0.0058
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/06/13 7:40 p.m. · 11 views

CVE-2024-5949 Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability

Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit th...

CVSS 4.3 · AI score 6.5 · EPSS 0.0058
Exploits 0 · References 1

BDU FSTEC
added 2024/06/13 12:0 a.m. · 4 views

The vulnerability of the QEMU hardware emulation software, related to the cycle with an unreachable exit condition, allows a hacker to trigger a service failure.

The vulnerability of the QEMU hardware emulator is related to an infinite loop error in the emulation of the USB xHCI controller during the calculation of the TRB ring length. Exploiting this vulnerability can allow a hacker to cause a system failure...

CVSS 3.2 · AI score 5.8 · EPSS 0.00363
Exploits 1 · References 6 · Affected Software 4

CNNVD
added 2024/06/13 12:0 a.m. · 3 views

Deep Sea Electronics DSE855 Security Vulnerability

The Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 that stems from a specific flaw in the handling of multi-part boundaries that could lead to an infinite loop logic error, whi...

CVSS 6.5 · AI score 6.6 · EPSS 0.0058
Exploits 0 · References 2

Positive Technologies
added 2024/06/13 12:0 a.m. · 5 views

PT-2024-37263 · Deep Sea Electronics · Dse855

Name of the Vulnerable Software and Affected Versions: Deep Sea Electronics DSE855 (affected versions not specified). Description: This issue allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. The specific flaw...

CVSS 6.5 · AI score 6.6 · EPSS 0.0058
Exploits 0 · References 4

RedHat Linux
added 2024/06/12 7:34 a.m. · 4 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

CVSS 7.5 · AI score 6.7 · EPSS 0.01262
Exploits 0 · References 7

CNVD
added 2024/06/12 12:0 a.m. · 3 views

Siemens TIM 1531 IRC Infinite Loop Vulnerability

The TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300. An infinite loop vulnerability exists in the Siemens TIM 1531 IRC, which can be exploited by an authenticated, remote attacker to create a denial of service condition by importing a specially crafted PKCS12 container...

CVSS 6.9 · AI score 6.8 · EPSS 0.00387
Exploits 0 · References 1

Amazon
added 2024/06/12 12:0 a.m. · 30 views

Medium: cri-tools

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 7.5 · AI score 8.4 · EPSS 0.91969
Exploits 1

Tenable Nessus
added 2024/06/12 12:0 a.m. · 58 views

Amazon Linux 2 : cri-tools (ALAS-2024-2568)

The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

CVSS 7.5 · AI score 7.4 · EPSS 0.91969
Exploits 1 · References 6

RedHat Linux
added 2024/06/11 7:45 p.m. · 2 views

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions...

CVSS 5.9 · AI score 7.3 · EPSS 0.01001
Exploits 0 · References 5

Redos
added 2024/06/11 12:0 a.m. · 39 views

ROS-20240611-14

The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block (TRB) ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in th...

CVSS 7.1 · AI score 7.3 · EPSS 0.00484
Exploits 3