342 matches found
FreeBSD : OpenSSL -- Denial of Service vulnerability (b88aa380-1442-11ef-a490-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b88aa380-1442-11ef-a490-84a93843eb75 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary:...
EulerOS Virtualization 3.0.6.6 : shim (EulerOS-SA-2024-1666)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions...
EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2024-1660)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...
CVE-2024-4603
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
AZL-42694 CVE-2024-4603 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
AZL-42063 CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
AZL-78534 CVE-2024-4603 affecting package openssl-fips-provider 3.1.2-1
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2024-1575)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
CVE-2024-34072
Summary (CVE-2024-34072) : The sagemaker-python-sdk’s sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 is vulnerable to unsafe deserialization of untrusted pickled numpy object arrays. This can enable a local attacker to achieve remote code execution, denial of service, and i...
CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...
CVE-2024-3371
CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...
Insufficient validation of external input in Compass may enable MITM attacks
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.40.5...
NewPipe 安全漏洞
NewPipe is a Team NewPipe open source Android application written in Java for video streaming. A security vulnerability exists in NewPipe versions 0.13.4 through 0.26.1, which stems from the fact that importing a backup file from an untrusted source may result in arbitrary code execution...
Ubuntu 18.04 LTS : OpenSSL vulnerabilities (USN-6709-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6709-1 advisory. It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL...
EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2024-1461)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very...
AZL-35898 CVE-2024-22025 affecting package nodejs for versions less than 20.14.0-1
A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...
DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server
This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
SUSE SLES15: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2024:0831-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0831-1 advisory. - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file bsc1219243. Tenable has extracted the...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1220)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...