Lucene search
+L

260 matches found

Tenable Nessus
Tenable Nessus
added 2024/03/28 12:0 a.m.33 views

SUSE SLES15: libpython3_9-1_0 / libpython3_9-1_0-32bit / python39 / etc (SUSE-SU-2024:1009-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1009-1 advisory. - CVE-2023-52425: Fixed denial of service resource consumption caused by processing large tokens in expat bsc1219559....

7.8CVSS6.8AI score0.01815EPSS
Exploits1References11
Veracode
Veracode
added 2024/03/26 8:39 p.m.40 views

Asymmetric Resource Consumption

python is vulnerable to Asymmetric Resource Consumption. This vulnerability is due to an issue in the zip format, allowing for the creation of zip-bombs with a high compression ratio...

6.2CVSS7AI score0.00336EPSS
Exploits0References17Affected Software5
Tenable Nessus
Tenable Nessus
added 2024/03/24 12:0 a.m.32 views

Debian dla-3771 : idle-python2.7 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3771 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3771-1 [email protected] https://www.debian.org/lts/security/...

6.2CVSS7.1AI score0.00336EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/24 12:0 a.m.39 views

Debian dla-3772 : idle-python3.7 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3772 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3772-1 [email protected]...

7.8CVSS7AI score0.00336EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/03/20 12:0 a.m.41 views

Slackware Linux 15.0 / current python3 Multiple Vulnerabilities (SSA:2024-080-01)

The version of python3 installed on the remote host is prior to 3.9.19. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-080-01 advisory. - libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the...

7.8CVSS7.2AI score0.01815EPSS
Exploits1References4
OSV
OSV
added 2024/03/19 4:15 p.m.2 views

DEBIAN-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.9AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2024/03/19 4:15 p.m.5 views

AZL-36894 CVE-2024-0450 affecting package python3 for versions less than 3.9.19-1

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.7AI score0.00336EPSS
Exploits0References1
NVD
NVD
added 2024/03/19 4:15 p.m.25 views

CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.4AI score0.00336EPSS
Exploits0References18
OSV
OSV
added 2024/03/19 4:15 p.m.3 views

ALPINE-CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.7AI score0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/19 3:12 p.m.24 views

CVE-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.7AI score0.00336EPSS
Exploits0References15
OSV
OSV
added 2024/03/19 3:12 p.m.21 views

PSF-2024-2

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS7AI score0.00336EPSS
Exploits0References15
OSV
OSV
added 2024/03/19 3:12 p.m.30 views

CVE-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.7AI score0.00336EPSS
Exploits0References21
AlpineLinux
AlpineLinux
added 2024/03/19 3:12 p.m.33 views

CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS7.2AI score0.00336EPSS
Exploits0
NVD
NVD
added 2023/07/18 7:15 p.m.33 views

CVE-2023-37481

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs similar to a...

4.9CVSS0.00579EPSS
Exploits0References2
OSV
OSV
added 2023/07/18 6:19 p.m.22 views

CVE-2023-37481 Fides Webserver Vulnerable to SVG Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs similar to a...

2.7CVSS5.1AI score0.00579EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2023/03/27 1:0 a.m.28 views

A week in security (March 20 - 26)

Last week on Malwarebytes Labs: How to avoid potentially unwanted programs "ViLE" members posed as police officers and extorted victims Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles A look at a Magecart skimmer using the Hunter obfuscator The NBA tells fans about...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/24 11:45 a.m.17 views

USB bombs sent to news organizations

We've warned about the possible dangers arising from plugging in unknown USB sticks before, but the dangers we're concerned with are normally confined to your data. However, this week we learned a far more serious threat. No fewer than five different news agencies in Ecuador were sent parcels...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/27 10:53 a.m.50 views

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...

0.7AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/02/20 8:0 a.m.4 views

Go-Getter Vulnerable to Decompression Bombs

...

6.5CVSS6.2AI score0.00454EPSS
Exploits0
OSV
OSV
added 2023/02/17 9:16 p.m.27 views

GO-2023-1578 Denial of service in github.com/hashicorp/go-getter/v2

HashiCorp go-getter is vulnerable to decompression bombs. This can lead to excessive memory consumption and denial-of-service attacks...

6.5CVSS5.2AI score0.00454EPSS
Exploits0References3
Rows per page
Query Builder