264 matches found
CVE-2023-29409
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
Code injection
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
CVE-2023-29409
CVE-2023-29409 affects the Go language runtime/package (golang) across multiple distributions. The issue arises from extremely large RSA keys in certificate chains causing excessive signature verification CPU usage; the fix restricts RSA key sizes in handshakes to 8192 bits. Public advisories ind...
CVE-2023-29409
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
CVE-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
CVE-2023-29409
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1693-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1693-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart...
SUSE SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1664-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1664-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will...
Mageia: Security Advisory (MGASA-2023-0086)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3361-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : redis (2023-b0768fba7b)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b0768fba7b advisory. Redis 7.0.9 - Released Tue Feb 28 12:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-25155...
CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...
redis -- multiple vulnerabilities
The Redis core team reports: CVE-2023-25155 Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. CVE-2022-36021 String matching commands like SCAN or KEYS with a specially...
K25075696: Oracle Java vulnerability CVE-2016-3500
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. CVE-2016-3500 Impact An attacker...
High resource usage when parsing multipart form data with many fields
Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form,...
Design/Logic Flaw
Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...
PYSEC-2023-49
Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...
Security Bulletin: Vulnerability in the Node.js jose module affects IBM Event Streams (CVE-2022-36083)
Summary This security vulnerability affects the Node.js jose module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-36083 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request usin...
Security Bulletin: Multiple vulnerabilites affect IBM Engineering Test Management product due to XStream
Summary IBM Engineering Test Management is vulnerable to arbitrary code execution due to XStream. CVE-2021-21342, CVE-2021-21350, CVE-2021-21346, CVE-2021-21349, CVE-2021-21341, CVE-2021-21345, CVE-2021-21348, CVE-2021-21344, CVE-2021-21347, CVE-2021-21343, CVE-2021-21351 Vulnerability Details...
Amazon Linux AMI : python27 (ALAS-2022-1593)
The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...