
11152 matches found

IBM Security Bulletins
added 2024/06/07 6:45 a.m. · 21 views

Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.

Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerabl...

CVSS 8.1 · AI score 6.6 · EPSS 0.00898
Exploits 0 · Affected Software 1
Veracode
added 2024/06/07 5:21 a.m. · 19 views

Infinite Loop

github.com/envoyproxy/envoy is vulnerable to an Infinite Loop. The vulnerability is caused when handling Brotli-compressed data with extra input, which causes the system to consume excessive resources and potentially become unresponsive to legitimate traffic. An attacker can exploit this with a...

CVSS 7.5 · AI score 7.4 · EPSS 0.00674
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2024/06/07 12:0 a.m. · 5 views

The vulnerability of the inflate_buffer() function in the VNC server QEMU, which allows a hacker to cause a service failure

The vulnerability of the inflate_buffer function in the VNC server QEMU is related to an incorrect exit condition, which leads to an infinite loop during buffer inflation using zlib. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

CVSS 6.8 · AI score 6.8 · EPSS 0.01405
Exploits 0 · References 13 · Affected Software 6
OSV
added 2024/06/05 3:10 p.m. · 17 views

GO-2024-2880 Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop in github.com/traefik/traefik

Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop in github.com/traefik/traefik...

CVSS 5.9 · AI score 6.4 · EPSS 0.01001
Exploits 0 · References 5
RedHat Linux
added 2024/06/05 2:47 p.m. · 4 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

CVSS 7.5 · AI score 6.7 · EPSS 0.01262
Exploits 0 · References 7
RedHat Linux
added 2024/06/05 2:46 p.m. · 3 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

CVSS 7.5 · AI score 6.7 · EPSS 0.01262
Exploits 0 · References 7
SUSE CVE
added 2024/06/04 12:17 p.m. · 2 views

SUSE CVE-2024-35825

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds sometim...

CVSS 5.5 · AI score 6.3 · EPSS 0.0023
Exploits 0 · References 16
Positive Technologies
added 2024/06/04 12:0 a.m. · 4 views

PT-2024-25023 · Unknown · Envoyproxy

Name of the Vulnerable Software and Affected Versions: Envoyproxy affected versions not specified Description: The issue arises when Envoyproxy, equipped with a Brotli filter, encounters an endless loop during the decompression of Brotli data that contains extra input. This can occur in Envoy, a...

CVSS 7.5 · AI score 8.2 · EPSS 0.00674
Exploits 1 · References 9
Tenable Nessus
added 2024/06/03 12:0 a.m. · 16 views

RHEL 6 : libxtst (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXtst: Insufficient validation of server responses result in Integer overflows CVE-2016-7951 - X.org...

CVSS 9.8 · AI score 9.7 · EPSS 0.02435
Exploits 0 · References 2
Tenable Nessus
added 2024/06/03 12:0 a.m. · 24 views

RHEL 8 : file-type (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - file-type: a malformed MKV file could cause the file type detector to get caught in an infinite loop CVE-2022-36313...

CVSS 5.5 · AI score 6.8 · EPSS 0.00389
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 13 views

RHEL 9 : pcre2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pcre2: negative repeat value in a pcre2test subject line leads to infinite loop CVE-2022-41409 Note that Nessus ha...

CVSS 7.5 · AI score 7.2 · EPSS 0.00962
Exploits 1 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 18 views

RHEL 8 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: Command-line arguments may overwrite global data CVE-2021-38297 - In archive/zip in Go before...

CVSS 9.8 · AI score 8.2 · EPSS 0.10299
Exploits 1 · References 5
Tenable Nessus
added 2024/06/03 12:0 a.m. · 19 views

RHEL 8 : gd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gd: Information disclosure in gdImageCreateFromXbm CVE-2019-11038 - gd_gif_in.c in the GD Graphics Library...

CVSS 5.5 · AI score 8 · EPSS 0.13204
Exploits 2 · References 2
Tenable Nessus
added 2024/06/03 12:0 a.m. · 16 views

RHEL 8 : libsass (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libsass: Infinite loop in Sass::Inspect::operator function resulting in a denial of service CVE-2018-19826 Note tha...

CVSS 6.5 · AI score 6.6 · EPSS 0.01191
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 17 views

RHEL 7 : soundtouch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - soundtouch: Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock potentially...

CVSS 8.8 · AI score 7.2 · EPSS 0.06151
Exploits 8 · References 6
Tenable Nessus
added 2024/06/03 12:0 a.m. · 24 views

RHEL 8 : xen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - QEMU: infinite loop in xhci_ring_chain_length in hw/usb/hcd-xhci.c CVE-2020-14394 Note that Nessus has not tested for...

CVSS 3.2 · AI score 5.5 · EPSS 0.00363
Exploits 1 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 24 views

RHEL 6 : commons-compress (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file CVE-2024-25710 Note that...

CVSS 8.1 · AI score 8.1 · EPSS 0.00441
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 29 views

RHEL 8 : 8.2_qemu-kvm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - QEMU: vhost-user-gpu: out-of-bounds write in virgl_cmd_get_capset CVE-2021-3546 - hw/net/e1000e_core.c in QEM...

CVSS 8.2 · AI score 7.2 · EPSS 0.00654
Exploits 1 · References 4
Tenable Nessus
added 2024/06/03 12:0 a.m. · 18 views

RHEL 7 : qpdf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpdf: stack exhaustion in QPDFObjectHandle and QPDFDictionary classes in libqpdf.a CVE-2018-9918 - An iss...

CVSS 7.8 · AI score 6.2 · EPSS 0.01804
Exploits 5 · References 14
Tenable Nessus
added 2024/06/03 12:0 a.m. · 12 views

RHEL 7 : byacc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - byacc: malloc incorrectly accessing released memory leads to use after free CVE-2021-33641 - When a file ...

CVSS 7.8 · AI score 7.4 · EPSS 0.0027
Exploits 0 · References 2