75 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-6518

Malware in sbrugna...

CVSS 3.3 | AI score 4.3 | EPSS 0.00397
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-53945

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.6 | EPSS 0.00129
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-37613

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00635
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/04/11 5:58 p.m. | 44 views

Security Bulletin: IBM Aspera Desktop App has multiple vulnerabilities related to Open Source dependencies (CVE-2025-27789 and CVE-2025-24010)

Summary IBM Aspera Desktop App is affected by inefficient regular expression complexity which can cause excessive CPU cycles and lack of validation on the Origin header which could cause an unauthorized access to any functionality accessible to the communication source. These vulnerabilities have...

CVSS 6.5 | AI score 9.4 | EPSS 0.00478
Exploits: 1 | Affected Software: 4

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2020-14378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the movedesc function can lead to large amounts of CPU cycles being eaten up in a lo...

CVSS 3.3 | AI score 5.8 | EPSS 0.00397
Exploits: 0 | References: 2

RedhatCVE
added 2025/03/01 3:22 p.m. | 24 views

CVE-2024-54170

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles...

CVSS 5.5 | AI score 6.4 | EPSS 0.00129
Exploits: 0 | References: 1

NVD
added 2025/02/27 3:15 p.m. | 17 views

CVE-2024-54170

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles...

CVSS 5.5 | EPSS 0.00129
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/27 2:55 p.m. | 7 views

CVE-2024-54170 IBM EntireX denial of service

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles...

CVSS 5.5 | AI score 5.4 | EPSS 0.00129
Exploits: 0 | References: 1

CVE
added 2025/02/27 2:55 p.m. | 33 views

CVE-2024-54170

IBM EntireX 11.1 contains a local-privilege-denied-execution vulnerability where a crafted regular expression with inefficient complexity can exhaust CPU cycles, leading to DoS. The issue is tied to CWE-1333 (Inefficient Regular Expression Complexity) and is documented under CVE-2024-54170 with a...

CVSS 5.5 | AI score 5.4 | EPSS 0.00129
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/02/27 2:55 p.m. | 25 views

CVE-2024-54170 IBM EntireX denial of service

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles...

CVSS 5.5 | EPSS 0.00129
Exploits: 0 | References: 1

F5 Networks
added 2024/12/02 11:46 p.m. | 53 views

K000148809: Qt vulnerabilities CVE-2023-38197 and CVE-2023-37369

Security Advisory Description CVE-2023-38197 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVE-2023-37369 In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2,...

CVSS 7.5 | AI score 7.7 | EPSS 0.01324
Exploits: 1 | Affected Software: 4

NVD
added 2024/01/12 1:15 a.m. | 15 views

CVE-2023-36842

An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon jdhcpd of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service DoS. On Junos OS devices with...

CVSS 6.5 | AI score 6.5 | EPSS 0.00293
Exploits: 0 | References: 2

Broadcom
added 2023/11/07 12:0 a.m. | 51 views

YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML (CVE-2019-11254)

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

CVSS 6.5 | AI score 7.9 | EPSS 0.02341
Exploits: 0

Tenable Nessus
added 2023/09/27 12:0 a.m. | 30 views

Amazon Linux 2 : squid (ALASSQUID4-2023-006)

The version of squid installed on the remote host is prior to 4.13-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-006 advisory. A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS...

CVSS 8.6 | AI score 6.7 | EPSS 0.05162
Exploits: 0 | References: 8

Tenable Nessus
added 2023/09/22 12:0 a.m. | 22 views

SUSE SLES15: qemu / qemu-arm / qemu-audio-alsa / qemu-audio-pa / qemu-block-curl / etc (SUSE-SU-2023:3721-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3721-1 advisory. - CVE-2022-26354: Fixed a memory leak due to a missing virtqueue detach on error. bsc1198712 - CVE-2021-3929: Fixed a...

CVSS 8.8 | AI score 7 | EPSS 0.01336
Exploits: 4 | References: 32

Tenable Nessus
added 2023/09/07 12:0 a.m. | 37 views

Oracle Linux 7 : olcne / kubernetes (ELSA-2020-5653)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5653 advisory. - CVE-2019-11254 kube-apiserver Denial of Service vulnerability from malicious YAML payloads - Golang CVE-2019-16276 - Golang CVE-2019-16276 Tenable has extract...

CVSS 7.5 | AI score 6.9 | EPSS 0.05157
Exploits: 0 | References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m. | 28 views

Oracle Linux 7 : qemu (ELSA-2021-9638)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9638 advisory. - ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packe...

CVSS 8.5 | AI score 7.2 | EPSS 0.02904
Exploits: 1 | References: 11

Veracode
added 2023/06/19 5:47 p.m. | 23 views

Regular Expression Denial Of Service (ReDoS)

Microsoft patterns & practices Enterprise Library is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to a regex string with inefficient complexity located in Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs, which allows an attacker to input a...

CVSS 5 | AI score 6.6 | EPSS 0.03515
Exploits: 1 | References: 2 | Affected Software: 2

Tenable Nessus
added 2023/06/05 12:0 a.m. | 30 views

Amazon Linux 2 : qemu (ALAS-2023-2060)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2060 advisory. An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits tx descriptors in...

CVSS 6.5 | AI score 6.3 | EPSS 0.00358
Exploits: 0 | References: 4

F5 Networks
added 2023/05/23 4:29 p.m. | 36 views

K000134748: Kubernetes vulnerabilities CVE-2019-1002100, CVE-2019-11254, CVE-2017-1002101, and CVE-2017-1002102

Security Advisory Description CVE-2019-1002100 In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" e.g. kubectl patch --type json or "Content-Type:...

CVSS 9.6 | AI score 6.8 | EPSS 0.11586
Exploits: 2