Moderate: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650); openssl: Denial of service by...
CVE-2023-26432
When adding an external mail account, processing of SMTP "capabilities" responses is not limited to plausible sizes. An attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server...
CVE-2023-26433
When adding an external mail account, processing of IMAP "capabilities" responses is not limited to plausible sizes. An attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server...
CVE-2023-26434
When adding an external mail account, processing of POP3 "capabilities" responses is not limited to plausible sizes. An attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...
CVE-2023-26434
CVE-2023-26434 affects Open-Xchange App Suite (OX App Suite): the vulnerability arises from processing of POP3 capabilities responses without enforcing plausible size limits when adding an external mail account. An attacker with access to a rogue POP3 service could cause excessive resource usage,...
CVE-2023-26433
CVE-2023-26433 affects Open-Xchange OX App Suite (OXAS-BACKEND) where IMAP capabilities responses were not constrained by size when adding an external mail account. The root cause is unbounded processing of IMAP server responses, enabling an attacker with access to a rogue IMAP service to trigger...
Huawei EulerOS: Security Advisory for python-werkzeug (EulerOS-SA-2023-2167)
The remote host is missing an update for Huawei EulerOS...
EulerOS 2.0 SP5 : python-werkzeug (EulerOS-SA-2023-2167)
According to the versions of the python-werkzeug package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Werkzeug is a comprehensive WSGI web application library. Browsers may allow 'nameless' cookies that look like =value instead of...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small number of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
CVE-2023-31161 Improper Input Validation in Web Interface
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 f...
golang: net/http, mime/multipart: denial of service from excessive resource consumption
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...
CLSA-2023-1683235565 openssl: Fix of 3 CVEs
- CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509_VERIFY_PARAM_add0_policy() - CVE-2022-3996: Drop redundant flag setting in policy_cache_set_mapping()...
SUSE: Security Advisory (SUSE-SU-2023:1790-1)
The remote host is missing an update for the SUSE-SU-2023:1790-1 advisory...
SUSE-SU-2023:1790-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive resource usage when verifying X.509 policy constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were...
SUSE-SU-2023:1775-1 Security update for python-Werkzeug
This update for python-Werkzeug fixes the following issues: CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283)...
SUSE: Security Advisory (SUSE-SU-2023:1754-1)
The remote host is missing an update for the SUSE-SU-2023:1754-1 advisory...