Lucene search
+L

268 matches found

OSV
OSV
added 2023/02/15 3:15 p.m.39 views

PYSEC-2023-49

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

7.5CVSS7.5AI score0.01004EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/30 1:43 p.m.39 views

Security Bulletin: Vulnerability in the Node.js jose module affects IBM Event Streams (CVE-2022-36083)

Summary This security vulnerability affects the Node.js jose module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-36083 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request usin...

5.3CVSS5.5AI score0.01112EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 6:38 a.m.46 views

Security Bulletin: Multiple vulnerabilites affect IBM Engineering Test Management product due to XStream

Summary IBM Engineering Test Management is vulnerable to arbitrary code execution due to XStream. CVE-2021-21342, CVE-2021-21350, CVE-2021-21346, CVE-2021-21349, CVE-2021-21341, CVE-2021-21345, CVE-2021-21348, CVE-2021-21344, CVE-2021-21347, CVE-2021-21343, CVE-2021-21351 Vulnerability Details...

9.9CVSS9.2AI score0.82136EPSS
Exploits10Affected Software2
Tenable Nessus
Tenable Nessus
added 2022/06/10 12:0 a.m.49 views

Amazon Linux AMI : python27 (ALAS-2022-1593)

The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...

9.8CVSS7.2AI score0.35717EPSS
Exploits4References13
RedHat Linux
RedHat Linux
added 2022/05/26 4:25 p.m.2 views

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

7.8CVSS7.1AI score0.03552EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2022/05/12 12:0 a.m.244 views

AlmaLinux 8 : python3 (ALSA-2022:1986)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1986 advisory. - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP...

7.5CVSS7.4AI score0.11994EPSS
Exploits1References3
Veracode
Veracode
added 2022/03/22 2:33 p.m.24 views

Denial Of Service (DoS)

org.jboss.resteasy:resteasy-core is vulnerable to denial of service DoS attacks. A malicious user is able to cause a hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry, resulting in denial of service conditions...

7.5CVSS2.2AI score0.01222EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 5:58 p.m.36 views

RESTEasy 4.5.5.Final in hash flooding

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service...

7.5CVSS2.6AI score0.01222EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/03/04 12:0 a.m.34 views

PSF-2022-7 CVE-2021-3737: urllib HTTP client possible infinite loop on a 100 Continue response

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

7.5CVSS7.7AI score0.11994EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/02/25 12:0 a.m.37 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-1233)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

7.5CVSS7.1AI score0.11994EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/02/25 12:0 a.m.47 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-1214)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

7.5CVSS7.1AI score0.11994EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/02/16 12:0 a.m.37 views

Debian DLA-2924-1 : libxstream-java - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2924 advisory. It was discovered that there was a potential remote denial of service DoS attack in XStream, a Java library used to serialize objects to XML and back again. An attacker cou...

7.5CVSS8.1AI score0.07934EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/02/12 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2022-1051)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.11994EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2022/02/12 12:0 a.m.50 views

EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2022-1139)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, wh...

7.5CVSS7AI score0.11994EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/02/11 12:0 a.m.41 views

EulerOS Virtualization 3.0.6.0 : python2 (EulerOS-SA-2022-1051)

According to the versions of the python2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, w...

7.5CVSS7AI score0.11994EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.18 views

Mitsubishi Electric MELSEC iQ-R Series Uncontrolled Resource Consumption (CVE-2020-13238)

Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to...

7.8CVSS7.2AI score0.03336EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/02/01 12:15 p.m.34 views

CVE-2021-43859

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...

7.5CVSS7.1AI score0.07934EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/02/01 12:48 a.m.65 views

Denial of Service by injecting highly recursive collections or maps in XStream

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.19 monitors and accumulates the...

7.5CVSS7.8AI score0.07934EPSS
Exploits1References14Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-1033)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.11994EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2022/01/28 12:0 a.m.47 views

EulerOS 2.0 SP9 : python3 (EulerOS-SA-2022-1013)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

7.5CVSS7.1AI score0.11994EPSS
Exploits2References3
Rows per page
Query Builder