Lucene search
K

117 matches found

Debian CVE
Debian CVE
added 2024/02/14 12:0 a.m.52 views

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...

7.5CVSS6.8AI score0.81729EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2024/02/13 12:0 a.m.28 views

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...

7.5CVSS7AI score0.81729EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2024/02/13 12:0 a.m.30 views

ISC BIND 9.0.0 < 9.16.48 / 9.9.3-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Vulnerability (cve-2023-50868)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-50868 advisory. - The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attacker...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References2
CERT
CERT
added 2024/01/16 12:0 a.m.39 views

GPU kernel implementations susceptible to memory leak

Overview General-purpose graphics processing unit GPGPU platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes. An attacker with access to GPU capabilities using a vulnerable GPU's programmable...

6.5CVSS6.2AI score0.01175EPSS
Exploits1References14
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

Unverified Primitives

Lines of code Vulnerability details Impact Interacting with unverified or malicious Ocean primitives could result in loss of funds or incorrect computations. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/07/01 12:0 a.m.7 views

Total supply can be incorrect in ERC20

Lines of code Vulnerability details Impact totalSupply can be initialized to something different than 0, which would lead to an inaccurate total supply, and could easily break integrations, computations of market cap, etc. Proof of Concept If the constructor is called with initialSupply = 1000, t...

6.8AI score
Exploits0
Veracode
Veracode
added 2022/06/21 5:58 a.m.18 views

Denial Of Service (DoS)

fast-string-search is vulnerable to denial of service. The vulnerability exists due to incorrect computations for non-string inputs which allows an attacker to gain read access from non-permitted locations and cause an application crash...

7.5CVSS7.1AI score0.01152EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/06/17 8:5 p.m.35 views

CVE-2022-22138 Denial of Service (DoS)

All versions of package fast-string-search are vulnerable to Denial of Service DoS when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation...

7.5CVSS7.7AI score0.01152EPSS
Exploits1References1
OSV
OSV
added 2022/05/24 10:6 p.m.39 views

GO-2022-0166 Denial of service due to unchecked parameters in crypto/dsa

The Verify function in crypto/dsa passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go...

7.5CVSS7.4AI score0.04335EPSS
Exploits0References4
OSV
OSV
added 2022/01/05 3:31 p.m.42 views

GO-2021-0160 Incorrect calculation affecting RSA computations in math/big

Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibl...

7.5CVSS7.2AI score0.02627EPSS
Exploits0References6
OSV
OSV
added 2022/01/04 9:15 a.m.18 views

CVE-2021-40111

In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user nee...

6.5CVSS6.6AI score
Exploits0References2
Code423n4
Code423n4
added 2021/09/15 12:0 a.m.12 views

wrong YAXIS estimates

Handle cmichel Vulnerability details The Harvester.getEstimates contract tries to estimate a YAXIS amount but uses the wrong path and/or amount. It currently uses a WETH input amount to compute a YAXIS - WETH trade. address memory path; path0 = IStrategystrategy.want; path1 =...

6.9AI score
Exploits0
Ubuntu
Ubuntu
added 2021/09/03 6:43 p.m.53 views

USN-5061-1: Scilab vulnerabilities

It was discovered that Scilab did not properly sanitize XML inputs. An atacker could use a crafted XML file to cause a denial of service or possibly execute arbitrary code...

7.5CVSS7.1AI score0.01402EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2021/08/31 8:30 a.m.3 views

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

5.5CVSS6.7AI score0.00414EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/08/31 8:15 a.m.2 views

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

5.5CVSS6.7AI score0.00414EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/08/10 4:13 p.m.2 views

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

5.5CVSS6.7AI score0.00414EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/08/09 9:56 a.m.3 views

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

5.5CVSS6.7AI score0.00414EPSS
Exploits0References7
Mageia
Mageia
added 2021/07/10 12:56 p.m.30 views

Updated botan2 packages fix security vulnerability

Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations base32, base58, base64, and hex CVE-2021-24115...

9.8CVSS1.6AI score0.01976EPSS
Exploits0References2
OSV
OSV
added 2021/07/10 12:56 p.m.7 views

MGASA-2021-0329 Updated botan2 packages fix security vulnerability

Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations base32, base58, base64, and hex CVE-2021-24115...

9.8CVSS9.5AI score0.01976EPSS
Exploits0References3
OSV
OSV
added 2021/05/25 12:5 p.m.4 views

OPENSUSE-SU-2021:0794-1 Security update for Botan

This update for Botan fixes the following issues: - CVE-2021-24115 In Botan before 2.17.3, or this backport, constant-time computations are not used for certain decoding and encoding operations boo1182670 This update was imported from the openSUSE:Leap:15.2:Update update project...

9.8CVSS9.5AI score0.01976EPSS
Exploits0References3
Rows per page
Query Builder