1909 matches found

ICS
added 2023/06/13 6:0 a.m., 23 views

Rockwell Automation FactoryTalk Transaction Manager

1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: FactoryTalk Transaction Manager. Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION: Successful exploitation of this vulnerability could cause the...

7.5 CVSS, 7.8 AI score, 0.01221 EPSS
Exploits: 0, References: 8

Citrix
added 2023/06/13 12:0 a.m., 7 views

WEM Memory usage limit doesn't work as expected on Windows 2022 Server

When the WEM agent runs on Windows Server 2022, the memory usage limit applied to specific processes might not work as expected...

7.1 AI score
Exploits: 0

NVD
added 2023/06/06 8:15 p.m., 14 views

CVE-2023-2253

A flaw was found in the /v2/_catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: n). This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive strin...

6.5 CVSS, 6.4 AI score, 0.00938 EPSS
Exploits: 0, References: 2

CVE
added 2023/06/06 12:0 a.m., 518 views

CVE-2023-2253

CVE-2023-2253 concerns the /v2/_catalog endpoint in distribution/distribution, where the query parameter n controls the maximum number of records returned. The flaw allows a malicious user to supply an unreasonably large n, potentially triggering allocation of a massive string array and causing m...

6.5 CVSS, 6.2 AI score, 0.00938 EPSS
Exploits: 0, References: 2, Affected Software: 3

RedHat Linux
added 2023/06/05 4:47 p.m., 6 views

golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service...

7.5 CVSS, 6.7 AI score, 0.01479 EPSS
Exploits: 0, References: 6

NVD
added 2023/05/26 6:15 p.m., 28 views

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the pki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

6.5 CVSS, 7.5 AI score, 0.01061 EPSS
Exploits: 2, References: 8

Cvelist
added 2023/05/26 12:0 a.m., 30 views

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the pki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

7 AI score, 0.01061 EPSS
Exploits: 2, References: 7

Debian CVE
added 2023/05/26 12:0 a.m., 37 views

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the pki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

6.5 CVSS, 6.5 AI score, 0.01061 EPSS
Exploits: 2

Tenable Nessus
added 2023/05/26 12:0 a.m., 19 views

SUSE SLES15 / openSUSE 15 Security Update : distribution (SUSE-SU-2023:2298-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2298-1 advisory. Update to version 2.8.2: - Revert registry/client: set Accept: identity header when getting layers - Parse http forbidden as...

6.5 CVSS, 6.7 AI score, 0.00938 EPSS
Exploits: 0, References: 5

AlmaLinux
added 2023/05/16 12:0 a.m., 49 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880); golang: net/http: handle server errors after sending GOAWAY...

7.5 CVSS, 6.7 AI score, 0.02513 EPSS
Exploits: 1, References: 10

Tenable Nessus
added 2023/05/13 12:0 a.m., 41 views

RHEL 9 : grafana (RHSA-2023:2167)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2167 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang:...

7.5 CVSS, 7.2 AI score, 0.02513 EPSS
Exploits: 1, References: 16

Code423n4
added 2023/05/11 12:0 a.m., 23 views

Using memory instead of storage in 'redeemPositions' will result in incorrect LP Balance

Lines of code. Vulnerability details. Impact: This bug could lead to a situation where a user can 'redeem' their positions without the associated liquidity positions (LPs) being properly reset. This could result in the user being able to artificially inflate their LP balance, which could lead to...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2023/05/07 12:0 a.m., 24 views

Fedora 38 : clevis-pin-tpm2 / greetd / keyring-ima-signer / libkrun / etc (2023-cc21019773)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-cc21019773 advisory. Recent updates for the tokio, h2, and openssl crates addressed some potential or confirmed security or soundness issues: - tokio: RUSTSEC-2023-0005 - h2:...

7.5 CVSS, 7.8 AI score, 0.01121 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2023/05/03 3:54 p.m., 11 views

python-django: Potential denial-of-service via Accept-Language headers

A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...

7.5 CVSS, 6.7 AI score, 0.47102 EPSS
Exploits: 0, References: 10

RedHat Linux
added 2023/05/03 2:58 p.m., 7 views

python-django: Potential denial-of-service via Accept-Language headers

A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...

7.5 CVSS, 6.7 AI score, 0.47102 EPSS
Exploits: 0, References: 10

OSV
added 2023/04/21 6:30 p.m., 79 views

GHSA-3QJ8-93XH-PWH2 Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-74m5-2c7w-9w3x. This link is maintained to preserve external references. Original Description: The MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated a...

7.5 CVSS, 7.3 AI score, 0.01288 EPSS
Exploits: 0, References: 5

OSV
added 2023/04/21 4:15 p.m., 16 views

CVE-2023-30798

The MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5 CVSS, 7.7 AI score
Exploits: 0, References: 3

Debian CVE
added 2023/04/21 3:27 p.m., 30 views

CVE-2023-30798

The MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5 CVSS, 7.2 AI score, 0.01288 EPSS
Exploits: 0

OSV
added 2023/04/20 9:15 a.m., 5 views

CVE-2023-0384

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job...

7.5 CVSS, 5.8 AI score, 0.00805 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2023/04/20 9:15 a.m., 2 views

CVE-2023-0384

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job...

7.5 CVSS, 7.5 AI score, 0.00805 EPSS
Exploits: 0, References: 4