
477 matches found

AlmaLinux
added 2023/06/21 12:0 a.m., 113 views

Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650); openssl: Denial of service by...

CVSS 7.5, AI score 7, EPSS 0.73461
Exploits 0, References 12

NVD
added 2023/06/20 8:15 a.m., 20 views

CVE-2023-26432

When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server...

CVSS 4.3, AI score 4.6, EPSS 0.01148
Exploits 0, References 4

NVD
added 2023/06/20 8:15 a.m., 18 views

CVE-2023-26433

When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server...

CVSS 4.3, AI score 4.6, EPSS 0.01148
Exploits 0, References 4

NVD
added 2023/06/20 8:15 a.m., 19 views

CVE-2023-26434

When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...

CVSS 4.3, AI score 4.6, EPSS 0.01148
Exploits 0, References 4

Prion
added 2023/06/20 8:15 a.m., 16 views

Code injection

When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server...

CVSS 4, AI score 4.7, EPSS 0.01148
Exploits 0, References 4, Affected Software 1

Prion
added 2023/06/20 8:15 a.m., 19 views

Code injection

When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...

CVSS 4, AI score 4.7, EPSS 0.01148
Exploits 0, References 4, Affected Software 1

Cvelist
added 2023/06/20 7:51 a.m., 18 views

CVE-2023-26434

When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...

CVSS 4.3, AI score 4.9, EPSS 0.01148
Exploits 0, References 4

CVE
added 2023/06/20 7:51 a.m., 39 views

CVE-2023-26434

CVE-2023-26434 affects Open-Xchange App Suite (OX App Suite): the vulnerability arises from processing of POP3 capabilities responses without enforcing plausible size limits when adding an external mail account. An attacker with access to a rogue POP3 service could cause excessive resource usage,...

CVSS 4.3, AI score 4.6, EPSS 0.01148
Exploits 0, References 4, Affected Software 1

Cvelist
added 2023/06/20 7:51 a.m., 16 views

CVE-2023-26433

When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server...

CVSS 4.3, AI score 4.9, EPSS 0.01148
Exploits 0, References 4

CVE
added 2023/06/20 7:51 a.m., 59 views

CVE-2023-26433

CVE-2023-26433 affects Open-Xchange OX App Suite (OXAS-BACKEND) where IMAP capabilities responses were not constrained by size when adding an external mail account. The root cause is unbounded processing of IMAP server responses, enabling an attacker with access to a rogue IMAP service to trigger...

CVSS 4.3, AI score 4.6, EPSS 0.01148
Exploits 0, References 4, Affected Software 1

OpenVAS
added 2023/06/09 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for python-werkzeug (EulerOS-SA-2023-2167)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.1, EPSS 0.0142
Exploits 0, References 2

Tenable Nessus
added 2023/06/09 12:0 a.m., 45 views

EulerOS 2.0 SP5 : python-werkzeug (EulerOS-SA-2023-2167)

According to the versions of the python-werkzeug package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Werkzeug is a comprehensive WSGI web application library. Browsers may allow 'nameless' cookies that look like =value instead of...

CVSS 7.5, AI score 6.3, EPSS 0.0142
Exploits 0, References 3

RedHat Linux
added 2023/05/18 12:14 a.m., 0 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

CVSS 7.5, AI score 7, EPSS 0.0142
Exploits 0, References 7

Cvelist
added 2023/05/10 7:24 p.m., 15 views

CVE-2023-31161 Improper Input Validation in Web Interface

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 f...

CVSS 5.9, AI score 8.8, EPSS 0.00543
Exploits 0, References 2

RedHat Linux
added 2023/05/09 9:51 a.m., 1 views

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

CVSS 7.5, AI score 6.7, EPSS 0.01231
Exploits 0, References 8

OSV
added 2023/05/04 9:26 p.m., 5 views

CLSA-2023-1683235565 openssl: Fix of 3 CVEs

CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509_VERIFY_PARAM_add0_policy - CVE-2022-3996: Drop redundant flag setting in policy_cache_set_mapping...

CVSS 7.5, AI score 7, EPSS 0.03658
Exploits 0, References 1

OpenVAS
added 2023/04/07 12:0 a.m., 30 views

SUSE: Security Advisory (SUSE-SU-2023:1790-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.9, EPSS 0.03658
Exploits 0, References 6

OSV
added 2023/04/06 1:36 p.m., 8 views

SUSE-SU-2023:1790-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were...

CVSS 7.5, AI score 6.5, EPSS 0.03658
Exploits 0, References 7

OSV
added 2023/04/05 11:24 a.m., 8 views

SUSE-SU-2023:1775-1 Security update for python-Werkzeug

This update for python-Werkzeug fixes the following issues: CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283)...

CVSS 7.5, AI score 7.5, EPSS 0.0142
Exploits 0, References 3

OpenVAS
added 2023/04/05 12:0 a.m., 20 views

SUSE: Security Advisory (SUSE-SU-2023:1754-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.7, EPSS 0.03658
Exploits 0, References 4