CVE-2024-54140 sigstore-java has a vulnerability with bundle verification
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...
Security Bulletin: Vulnerability in RabbitMQ Java Client affects IBM watsonx.data
Summary RabbitMQ Java Client is vulnerable to a denial of service, caused by no message size limit in maxBodyLebgth. By sending a specially crafted message, a remote attacker could exploit this vulnerability to cause a memory overflow, resulting in a denial of service condition. This can affect...
OPENSUSE-SU-2024:13750-1 rabbitmq-java-client-5.20.0-2.1 on GA media
These are all security issues fixed in the rabbitmq-java-client-5.20.0-2.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: Vulnerabilities in Golang Go and RabbitMQ Java Client might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Golang Go and RabbitMQ Java Client. Vulnerabilities include causing a denial of service condition and causing a memory overflow on the system, as described by the CVE in the "Vulnerability Details" section. CVE-2023-45288,...
Fedora: Security Advisory for mariadb-java-client (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Fedora: Security Advisory for jglobus (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
openSUSE 15 Security Update : google-oauth-java-client (SUSE-SU-2024:0806-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0806-1 advisory. - The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes fr...
[SECURITY] Fedora 40 Update: voms-api-java-3.3.2-16.fc40
The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in RabbitMQ Java Client [CVE-2023-46120]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in RabbitMQ Java Client, caused by no message size limit in maxBodyLebgth. CVE-2023-46120. RabbitMQ is a database used in one of our Speech microservices. This vulnerability has been...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in RabbitMQ Java Client
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of RabbitMQ Java Client. Vulnerability Details CVEID: CVE-2023-46120 DESCRIPTION: RabbitMQ Java Client is vulnerable to a denial of service, caused by no message size limit in maxBodyLebgth. By sending...
SUSE CVE-2023-46120
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may...
CVE-2023-46120
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may...
Memory corruption
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may...
RabbitMQ Resource Management Error Vulnerability
RabbitMQ is a feature-rich multi-protocol messaging and streaming agent from RabbitMQ open source. A security vulnerability exists in the RabbitMQ Java client versions prior to 5.18.0 that stems from allowing Java and JVM-based applications to connect to and interact with RabbitMQ nodes, where an...
CVE-2023-46120 RabbitMQ Java client's lack of message size limitation leads to remote DoS attack
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may...
CVE-2023-46120
CVE-2023-46120 affects the RabbitMQ Java Client. The issue arises because maxBodyLebgth was not used when receiving Message objects, allowing an attacker to send a very large Message that could cause memory overflow and DoS/OOM in the consumer. The vulnerability is patched in RabbitMQ Java Client...
GHSA-MM8H-8587-P46H RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack
Summary maxBodyLebgth was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. PoC RabbitMQ Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M; here it only needs to be larger than the Consumer memo...