6340 matches found

AlpineLinux
added 2024/04/08 1:51 p.m. | 94 views

CVE-2024-2511

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

CVSS 5.9 | AI score 7.1 | EPSS 0.54026
Exploits: 0

Cvelist
added 2024/04/08 1:51 p.m. | 33 views

CVE-2024-2511 Unbounded memory growth with session handling in TLSv1.3

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

AI score 9.4 | EPSS 0.54026
Exploits: 0 | References: 5

Positive Technologies
added 2024/04/08 12:0 a.m. | 4 views

PT-2024-23552 · Unknown · Ros Melodic Morenia

Name of the Vulnerable Software and Affected Versions: ROS Robot Operating System Melodic Morenia versions 1 Description: An OS command injection issue has been discovered, primarily affecting command processing and system call components. This makes them susceptible to manipulation by malicious...

AI score 8.6
Exploits: 0 | References: 3

CVE
added 2024/04/08 12:0 a.m. | 7084 views

CVE-2024-30665

CVE-2024-30665 has been withdrawn; the initial entry states “Rejected reason: DO NOT USE THIS CANDIDATE NUMBER” and notes no evidence of a vulnerability. Connected sources (NVD, CNNVD) repeat that this candidate was withdrawn/not applicable. The PT security entry about ROS Melodic Morenia and rel...

AI score 6.7
Exploits: 0

Tenable Nessus
added 2024/04/08 12:0 a.m. | 29 views

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2024-1512)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

CVSS 5.5 | AI score 6.4 | EPSS 0.03174
Exploits: 0 | References: 2

Tenable Nessus
added 2024/04/08 12:0 a.m. | 44 views

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-1509)

"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux filesystem modules allows Forced Integer Overflow.This issue affects...

CVSS 7.8 | AI score 6.5 | EPSS 0.28058
Exploits: 16 | References: 20

Tenable Nessus
added 2024/04/08 12:0 a.m. | 206 views

OpenSSL 3.0.0 < 3.0.14 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.14 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the...

CVSS 7.5 | AI score 7.2 | EPSS 0.54026
Exploits: 0 | References: 9

Tenable Nessus
added 2024/04/08 12:0 a.m. | 120 views

OpenSSL 3.1.0 < 3.1.6 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.1.6 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the function...

CVSS 7.5 | AI score 7.2 | EPSS 0.54026
Exploits: 0 | References: 9

Tenable Nessus
added 2024/04/08 12:0 a.m. | 116 views

OpenSSL 3.2.0 < 3.2.2 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.2 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the function...

CVSS 7.5 | AI score 7.2 | EPSS 0.54026
Exploits: 0 | References: 9

OSV
added 2024/04/06 6:17 p.m. | 151 views

BIT-APACHE-2024-24795 Apache HTTP Server: HTTP Response Splitting in multiple modules

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

CVSS 6.3 | AI score 6.2 | EPSS 0.02874
Exploits: 0 | References: 11

Rockylinux
added 2024/04/05 2:56 p.m. | 17 views

python39 bug fix update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python-ply, python-requests, python-psutil, numpy, module.python-psutil, module.python-pycparser, module.python-cffi, pytest, module.python39,...

AI score 7.2
Exploits: 0

SUSE CVE
added 2024/04/05 2:21 a.m. | 1 views

SUSE CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

CVSS 6.1 | AI score 8.2 | EPSS 0.02874
Exploits: 0 | References: 11

Packet Storm
added 2024/04/05 12:0 a.m. | 433 views

Visual Planning 8 Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49232 Link ====...

AI score 6.8 | EPSS 0.01525
Exploits: 1

OSV
added 2024/04/04 8:15 p.m. | 2 views

ALPINE-CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

CVSS 6.3 | AI score 7 | EPSS 0.02874
Exploits: 0 | References: 1

RedhatCVE
added 2024/04/04 7:32 p.m. | 94 views

CVE-2024-24795

A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Mitigation Mitigation for this issue is either not available or the currently...

CVSS 4 | AI score 7.2 | EPSS 0.02874
Exploits: 0 | References: 4

vulnersOsv
added 2024/04/04 3:30 p.m. | 6 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +6720 more potentially affected by CVE-2024-2700 via io.quarkus:quarkus-core (>=0.11.0 <=3.2.11.Final)

io.quarkus:quarkus-core MAVEN version =0.11.0, =0.1.0, =0.1.0, =0.0.2, =0.1.1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.11 and more Source cves: CVE-2024-2700 Source advisory: OSV:GHSA-F8H5-V2VG-46RR...

CVSS 7 | AI score 7.1 | EPSS 0.00286
Exploits: 0

Vulnrichment
added 2024/04/04 8:20 a.m. | 18 views

CVE-2024-26787 mmc: mmci: stm32: fix DMA API overlapping mappings warning

In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning. Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNIN...

AI score 6.6 | EPSS 0.00226
Exploits: 0 | References: 6

Debian CVE
added 2024/04/04 8:20 a.m. | 18 views

CVE-2024-26787

In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning. Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNIN...

CVSS 5.5 | AI score 7.3 | EPSS 0.00226
Exploits: 0

UbuntuCve
added 2024/04/04 12:0 a.m. | 21 views

CVE-2024-26787

In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning. Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNIN...

CVSS 5.5 | AI score 6.2 | EPSS 0.00226
Exploits: 0 | References: 21

FreeBSD
added 2024/04/04 12:0 a.m. | 82 views

Apache httpd -- multiple vulnerabilities

The Apache httpd project reports: HTTP/2 DoS by memory exhaustion on endless continuation frames; HTTP Response Splitting in multiple modules...

CVSS 7.5 | AI score 7 | EPSS 0.91327
Exploits: 2 | References: 1