Lucene search
+L

342 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/18 12:0 a.m.36 views

FreeBSD : OpenSSL -- Denial of Service vulnerability (b88aa380-1442-11ef-a490-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b88aa380-1442-11ef-a490-84a93843eb75 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary:...

5.3CVSS6.9AI score0.01131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.31 views

EulerOS Virtualization 3.0.6.6 : shim (EulerOS-SA-2024-1666)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions...

5.3CVSS6.5AI score0.05533EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.28 views

EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2024-1660)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...

5.3CVSS6.5AI score0.05533EPSS
Exploits0References4
NVD
NVD
added 2024/05/16 4:15 p.m.23 views

CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.2AI score0.01131EPSS
Exploits0References7
OSV
OSV
added 2024/05/16 4:15 p.m.6 views

AZL-42694 CVE-2024-4603 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.6AI score0.01131EPSS
Exploits0References1
OSV
OSV
added 2024/05/16 4:15 p.m.7 views

AZL-42063 CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.6AI score0.01131EPSS
Exploits0References1
OSV
OSV
added 2024/05/16 4:15 p.m.5 views

AZL-78534 CVE-2024-4603 affecting package openssl-fips-provider 3.1.2-1

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.6AI score0.01131EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/09 12:0 a.m.39 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2024-1575)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

5.5CVSS6.4AI score0.03174EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 10:13 a.m.62 views

CVE-2024-34072

Summary (CVE-2024-34072) : The sagemaker-python-sdk’s sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 is vulnerable to unsafe deserialization of untrusted pickled numpy object arrays. This can enable a local attacker to achieve remote code execution, denial of service, and i...

7.8CVSS7.7AI score0.00408EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/03 10:13 a.m.56 views

CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...

7.8CVSS8.2AI score0.00408EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/30 10:36 a.m.3 views

openssl: Excessive time spent checking invalid RSA public keys

A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...

5.9CVSS7.1AI score0.02303EPSS
Exploits0References6
CVE
CVE
added 2024/04/24 4:32 p.m.90 views

CVE-2024-3371

CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...

7.1CVSS6.6AI score0.00231EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2024/04/24 4:32 p.m.113 views

Insufficient validation of external input in Compass may enable MITM attacks

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.40.5...

7.1CVSS6.9AI score0.00231EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.4 views

NewPipe 安全漏洞

NewPipe is a Team NewPipe open source Android application written in Java for video streaming. A security vulnerability exists in NewPipe versions 0.13.4 through 0.26.1, which stems from the fact that importing a backup file from an untrusted source may result in arbitrary code execution...

8.5CVSS7.7AI score0.00324EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.47 views

Ubuntu 18.04 LTS : OpenSSL vulnerabilities (USN-6709-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6709-1 advisory. It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL...

5.5CVSS6.6AI score0.05533EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.25 views

EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2024-1461)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very...

5.3CVSS6.5AI score0.04459EPSS
Exploits0References2
OSV
OSV
added 2024/03/19 5:15 a.m.6 views

AZL-35898 CVE-2024-22025 affecting package nodejs for versions less than 20.14.0-1

A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...

6.5CVSS6.8AI score0.01309EPSS
Exploits0References1
Atlassian
Atlassian
added 2024/03/14 5:46 a.m.45 views

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server

This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.8AI score0.0082EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.35 views

SUSE SLES15: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2024:0831-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0831-1 advisory. - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file bsc1219243. Tenable has extracted the...

5.5CVSS6.7AI score0.03174EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.40 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1220)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

5.5CVSS6.4AI score0.03174EPSS
Exploits0References2
Rows per page
Query Builder