268 matches found
PYSEC-2023-49
Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...
Security Bulletin: Vulnerability in the Node.js jose module affects IBM Event Streams (CVE-2022-36083)
Summary This security vulnerability affects the Node.js jose module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-36083 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request usin...
Security Bulletin: Multiple vulnerabilites affect IBM Engineering Test Management product due to XStream
Summary IBM Engineering Test Management is vulnerable to arbitrary code execution due to XStream. CVE-2021-21342, CVE-2021-21350, CVE-2021-21346, CVE-2021-21349, CVE-2021-21341, CVE-2021-21345, CVE-2021-21348, CVE-2021-21344, CVE-2021-21347, CVE-2021-21343, CVE-2021-21351 Vulnerability Details...
Amazon Linux AMI : python27 (ALAS-2022-1593)
The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...
AlmaLinux 8 : python3 (ALSA-2022:1986)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1986 advisory. - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP...
Denial Of Service (DoS)
org.jboss.resteasy:resteasy-core is vulnerable to denial of service DoS attacks. A malicious user is able to cause a hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry, resulting in denial of service conditions...
RESTEasy 4.5.5.Final in hash flooding
A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service...
PSF-2022-7 CVE-2021-3737: urllib HTTP client possible infinite loop on a 100 Continue response
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-1233)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-1214)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...
Debian DLA-2924-1 : libxstream-java - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2924 advisory. It was discovered that there was a potential remote denial of service DoS attack in XStream, a Java library used to serialize objects to XML and back again. An attacker cou...
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2022-1051)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2022-1139)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, wh...
EulerOS Virtualization 3.0.6.0 : python2 (EulerOS-SA-2022-1051)
According to the versions of the python2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, w...
Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-13238)
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to...
CVE-2021-43859
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...
Denial of Service by injecting highly recursive collections or maps in XStream
Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.19 monitors and accumulates the...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-1033)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : python3 (EulerOS-SA-2022-1013)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...