
478 matches found

IBM Security Bulletins
added 2024/11/07 3:43 p.m. | 28 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS and privilege escalation

Summary: These CVEs affect the operating system kernel. Vulnerability Details: CVEID: CVE-2023-52340. DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the ICMPv6 handling of "Packet Too Big". By sending a specially crafted IPV6...

9.8 CVSS | 7.5 AI score | 0.00986 EPSS
Exploits: 0 | Affected Software: 1

OSV
added 2024/11/01 5:26 p.m. | 11 views

MGASA-2024-0342 Updated bind packages fix security vulnerabilities

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. (CVE-2024-0760) Resolver caches and authoritative zone databases that...

7.5 CVSS | 7.5 AI score | 0.0468 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2024/10/28 12:00 a.m. | 18 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2765)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS | 8.2 AI score | 0.02114 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2024/10/09 12:00 a.m. | 14 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2545)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS | 8.2 AI score | 0.02114 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2024/10/09 12:00 a.m. | 10 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2520)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS | 8.2 AI score | 0.02114 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/10/09 12:00 a.m. | 11 views

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-2571)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...

7.5 CVSS | 7.9 AI score | 0.02114 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2024/10/03 12:25 p.m. | 22 views

CVE-2024-47554

A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed...

4.3 CVSS | 6.3 AI score | 0.01249 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2024/10/03 11:32 a.m. | 23 views

CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

6.9 AI score | 0.01249 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/10/03 11:32 a.m. | 29 views

CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

0.01249 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2024/10/03 12:00 a.m. | 5 views

PT-2024-32653

Name of the Vulnerable Software and Affected Versions: Apache Commons IO versions 2.0 through 2.13.x. Description: The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO from version...

8.7 CVSS | 6.6 AI score | 0.01249 EPSS
Exploits: 0 | References: 80

IBM Security Bulletins
added 2024/09/16 4:32 p.m. | 38 views

Security Bulletin: Vulnerability in Netty affects watsonx.data

Summary: Netty is vulnerable to a denial of service. For CVE-2019-9518, a remote attacker could cause watsonx.data to consume excessive CPU resources by sending a set of frames without an end-of-stream flag, eventually causing a denial of service condition. This would affect watsonx.data. For...

7.8 CVSS | 8.5 AI score | 0.24822 EPSS
Exploits: 0 | Affected Software: 1

Github Security Blog
added 2024/09/04 8:18 p.m. | 16 views

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack

Impact: sigstore-go is susceptible to a denial of service attack when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these...

7.5 CVSS | 6.7 AI score | 0.00441 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2024/09/04 8:15 p.m. | 15 views

CVE-2024-45395 Unbounded loop over untrusted input can lead to endless data attack

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

3.1 CVSS | 0.00441 EPSS
Exploits: 0 | References: 5

IBM Security Bulletins
added 2024/09/03 8:45 p.m. | 25 views

Security Bulletin: Vulnerability in Eclipse Jetty affect watsonx.data

Summary: Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. This can affect watsonx.data. Vulnerability Details: CVEID: CVE-2021-28165. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. By sending a...

7.8 CVSS | 7.3 AI score | 0.53861 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2024/08/27 12:00 a.m. | 30 views

RHEL 7 : bind (RHSA-2024:5894)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5894 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named)...

7.5 CVSS | 7.9 AI score | 0.02114 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2024/08/22 12:00 a.m. | 16 views

F5 Networks BIG-IP : BIND vulnerability (K000140745)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6 / 17.1.2. It is, therefore, affected by a vulnerability as referenced in the K000140745 advisory. If a server hosts a zone containing a KEY Resource Record, or a resolver DNSSEC-validates a KEY Resource...

7.5 CVSS | 7.9 AI score | 0.02114 EPSS
Exploits: 0 | References: 2

OSV
added 2024/08/21 2:53 p.m. | 17 views

RLSA-2024:5231 Important: bind and bind-dyndb-ldap security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5 CVSS | 7.9 AI score | 0.02114 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2024/08/21 12:00 a.m. | 24 views

AlmaLinux 8 : bind (ALSA-2024:5524)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5524 advisory. bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same name (CVE-2024-1737) bind9: bind: SIG0 can be used to exhaust CPU...

7.5 CVSS | 7.9 AI score | 0.02114 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2024/08/20 12:00 a.m. | 23 views

RHEL 8 : bind (RHSA-2024:5655)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5655 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named)...

7.5 CVSS | 7.9 AI score | 0.02114 EPSS
Exploits: 0 | References: 6

Cvelist
added 2024/08/19 7:06 p.m. | 24 views

CVE-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

0.02303 EPSS
Exploits: 1 | References: 10