Lucene search
+L

559 matches found

Cvelist
Cvelist
added 2021/03/07 9:55 a.m.51 views

CVE-2020-28466 Denial of Service (DoS)

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...

7.5CVSS7.6AI score0.03658EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/03/07 9:55 a.m.19 views

CVE-2020-28466

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...

7.5CVSS7.6AI score0.03658EPSS
Exploits0
CVE
CVE
added 2021/03/07 9:55 a.m.70 views

CVE-2020-28466

CVE-2020-28466 affects the nats-server component at github.com/nats-io/nats-server/server. The issue arises from an export/import cycle between accounts that untrusted users can trigger, causing the server to crash (denial of service) by consuming CPU/memory. Connected advisories indicate the 2.x...

7.5CVSS7.5AI score0.03658EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/03/07 12:0 a.m.7 views

Waldemar Quevedo nats-server 安全漏洞

Waldemar Quevedo nats-server is Waldemar Quevedo an open source application. A simple, secure and high performance communication system for digital systems, services and devices. github.com/nats-io/nats-server/server A security vulnerability exists in all versions of nats-server, which stems from...

7.5CVSS7.2AI score0.03658EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/01/11 12:0 a.m.18 views

Fedora: Security Advisory for nats-server (FEDORA-2020-2c8851d48b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8AI score
Exploits0References2
Fedora
Fedora
added 2021/01/04 1:8 a.m.101 views

[SECURITY] Fedora 33 Update: nats-server-2.1.9-1.fc33

A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation CNCF...

9.8CVSS1.4AI score0.0209EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/01/04 12:0 a.m.24 views

Fedora 33 : nats-server (2020-2c8851d48b)

Update to 2.1.9 Security fix for CVE-2020-26892 Security fix for CVE-2020-26521 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

9.8CVSS8AI score0.0209EPSS
Exploits0References3
Snyk
Snyk
added 2020/11/22 1:40 p.m.2 views

Denial of Service (DoS)

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Denial of Service DoS. Untrusted accounts are able to crash the server using configs that...

7.5CVSS7.2AI score0.03658EPSS
Exploits0References2
Snyk
Snyk
added 2020/11/22 1:40 p.m.2 views

Denial of Service (DoS)

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Denial of Service DoS. Untrusted accounts are able to crash the server using configs that...

7.5CVSS7.2AI score0.03658EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/11/22 12:0 a.m.3 views

PT-2020-5727 · Nats.Io · Nats Server

Name of the Vulnerable Software and Affected Versions: github.com/nats-io/nats-server/server versions prior to a fixed version Description: The issue is related to an uncontrolled resource consumption in the NATS messaging system server. This can be exploited by a remote attacker to cause a denia...

7.8CVSS6.7AI score0.03658EPSS
Exploits0References17
Veracode
Veracode
added 2020/11/09 12:25 a.m.19 views

Denial Of Service (DoS)

github.com/nats-io/nats-server is vulnerable to denial of service DoS. An attacker can cause an application to crash by sending a malicious JWT...

7.5CVSS2.7AI score0.0209EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2020/11/06 8:15 a.m.31 views

CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS9.5AI score0.02054EPSS
Exploits0References3
NVD
NVD
added 2020/11/06 8:15 a.m.31 views

CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS7.3AI score0.0209EPSS
Exploits0References3
OSV
OSV
added 2020/11/06 8:15 a.m.25 views

CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2020/11/06 8:15 a.m.2 views

DEBIAN-CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS8.5AI score0.02054EPSS
Exploits0References1
OSV
OSV
added 2020/11/06 8:15 a.m.1 views

DEBIAN-CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS7.3AI score0.0209EPSS
Exploits0References1
OSV
OSV
added 2020/11/06 8:15 a.m.22 views

CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS6.6AI score
Exploits0References3
Prion
Prion
added 2020/11/06 8:15 a.m.24 views

Code injection

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

5CVSS7.3AI score0.0209EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2020/11/06 8:15 a.m.30 views

Code injection

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

7.5CVSS9.4AI score0.02054EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2020/11/06 8:15 a.m.32 views

CVE-2020-26521

The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...

7.5CVSS7.1AI score0.0209EPSS
Exploits0References4
Rows per page
Query Builder