Lucene search
K

264 matches found

NVD
NVD
added 2023/08/02 8:15 p.m.50 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS6.7AI score0.01328EPSS
Exploits0References6
Prion
Prion
added 2023/08/02 8:15 p.m.35 views

Code injection

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5CVSS6.3AI score0.01328EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/08/02 7:47 p.m.587 views

CVE-2023-29409

CVE-2023-29409 affects the Go language runtime/package (golang) across multiple distributions. The issue arises from extremely large RSA keys in certificate chains causing excessive signature verification CPU usage; the fix restricts RSA key sizes in handshakes to 8192 bits. Public advisories ind...

5.3CVSS6.9AI score0.01328EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2023/08/02 7:47 p.m.58 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS7.1AI score0.01328EPSS
Exploits0
OSV
OSV
added 2023/08/02 7:47 p.m.37 views

CVE-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS6.7AI score0.01328EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2023/08/02 12:0 a.m.42 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS6.8AI score0.01328EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/03/31 12:0 a.m.27 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1693-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1693-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart...

7.5CVSS6.8AI score0.0142EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.29 views

SUSE SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1664-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1664-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will...

7.5CVSS6.9AI score0.0142EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2023-0086)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.3AI score0.59706EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/03/14 12:0 a.m.29 views

Debian: Security Advisory (DLA-3361-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.3AI score0.59706EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/03/11 12:0 a.m.35 views

Fedora 38 : redis (2023-b0768fba7b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b0768fba7b advisory. Redis 7.0.9 - Released Tue Feb 28 12:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-25155...

6.5CVSS7.1AI score0.59706EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/03/01 4:15 p.m.53 views

CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

5.5CVSS6.3AI score0.59706EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2023/02/28 12:0 a.m.44 views

redis -- multiple vulnerabilities

The Redis core team reports: CVE-2023-25155 Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. CVE-2022-36021 String matching commands like SCAN or KEYS with a specially...

6.5CVSS6AI score0.59706EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.40 views

K25075696: Oracle Java vulnerability CVE-2016-3500

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. CVE-2016-3500 Impact An attacker...

5.3CVSS7.3AI score0.04797EPSS
Exploits0Affected Software24
Github Security Blog
Github Security Blog
added 2023/02/15 3:36 p.m.48 views

High resource usage when parsing multipart form data with many fields

Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form,...

7.5CVSS7.2AI score0.0142EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2023/02/15 3:15 p.m.18 views

Design/Logic Flaw

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

5CVSS7.5AI score0.01004EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/02/15 3:15 p.m.39 views

PYSEC-2023-49

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

7.5CVSS7.5AI score0.01004EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/30 1:43 p.m.39 views

Security Bulletin: Vulnerability in the Node.js jose module affects IBM Event Streams (CVE-2022-36083)

Summary This security vulnerability affects the Node.js jose module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-36083 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request usin...

5.3CVSS5.5AI score0.01112EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 6:38 a.m.45 views

Security Bulletin: Multiple vulnerabilites affect IBM Engineering Test Management product due to XStream

Summary IBM Engineering Test Management is vulnerable to arbitrary code execution due to XStream. CVE-2021-21342, CVE-2021-21350, CVE-2021-21346, CVE-2021-21349, CVE-2021-21341, CVE-2021-21345, CVE-2021-21348, CVE-2021-21344, CVE-2021-21347, CVE-2021-21343, CVE-2021-21351 Vulnerability Details...

9.9CVSS9.2AI score0.82136EPSS
Exploits10Affected Software2
Tenable Nessus
Tenable Nessus
added 2022/06/10 12:0 a.m.48 views

Amazon Linux AMI : python27 (ALAS-2022-1593)

The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...

9.8CVSS7.2AI score0.35963EPSS
Exploits4References13
Rows per page
Query Builder