260 matches found
SUSE SLES15: libpython3_9-1_0 / libpython3_9-1_0-32bit / python39 / etc (SUSE-SU-2024:1009-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1009-1 advisory. - CVE-2023-52425: Fixed denial of service resource consumption caused by processing large tokens in expat bsc1219559....
Asymmetric Resource Consumption
python is vulnerable to Asymmetric Resource Consumption. This vulnerability is due to an issue in the zip format, allowing for the creation of zip-bombs with a high compression ratio...
Debian dla-3771 : idle-python2.7 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3771 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3771-1 [email protected] https://www.debian.org/lts/security/...
Debian dla-3772 : idle-python3.7 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3772 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3772-1 [email protected]...
Slackware Linux 15.0 / current python3 Multiple Vulnerabilities (SSA:2024-080-01)
The version of python3 installed on the remote host is prior to 3.9.19. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-080-01 advisory. - libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the...
DEBIAN-CVE-2024-0450
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
AZL-36894 CVE-2024-0450 affecting package python3 for versions less than 3.9.19-1
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
CVE-2024-0450
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
ALPINE-CVE-2024-0450
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
CVE-2024-0450 Quoted zip-bomb protection for zipfile
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
PSF-2024-2
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
CVE-2024-0450 Quoted zip-bomb protection for zipfile
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
CVE-2024-0450
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
CVE-2023-37481
Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs similar to a...
CVE-2023-37481 Fides Webserver Vulnerable to SVG Bomb File Uploads
Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs similar to a...
A week in security (March 20 - 26)
Last week on Malwarebytes Labs: How to avoid potentially unwanted programs "ViLE" members posed as police officers and extorted victims Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles A look at a Magecart skimmer using the Hunter obfuscator The NBA tells fans about...
USB bombs sent to news organizations
We've warned about the possible dangers arising from plugging in unknown USB sticks before, but the dangers we're concerned with are normally confined to your data. However, this week we learned a far more serious threat. No fewer than five different news agencies in Ecuador were sent parcels...
ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks
A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...
Go-Getter Vulnerable to Decompression Bombs
...
GO-2023-1578 Denial of service in github.com/hashicorp/go-getter/v2
HashiCorp go-getter is vulnerable to decompression bombs. This can lead to excessive memory consumption and denial-of-service attacks...