CVE-2023-49275
CVE-2023-49275 affects Wazuh and relates to a NULL pointer dereference in the analysisd component during fuzzing, triggered when a syscollector message uses the hotfix type without a timestamp. The dereference of a missing timestamp item via cJSON_GetObjectItem() can allow a malicious client to c...
CVE-2024-21015
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
SUSE-SU-2024:1312-1 Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-1504002463 fixes several issues. The following security issues were fixed: - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1219078). - CVE-2023-42753: Fixed an array indexing vulnerability i...
CVE-2024-1569
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /open_code_in_vs_code and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...
Debian dsa-5659 : trafficserver - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5659 advisory. - HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 a...
CVE-2024-21609 Junos OS: MX Series with SPC3, and SRX Series: If specific IPsec parameters are negotiated iked will crash due to a memory leak
A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If...
Fedora 38 : trafficserver (2024-d0acf8d109)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d0acf8d109 advisory. Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS). Tenable has extracted the preceding description block directly from the...
Fedora 39 : trafficserver (2024-b1e16b4335)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b1e16b4335 advisory. Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS). Tenable has extracted the preceding description block directly from the...
SUSE-SU-2024:1251-1 Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005528 fixes several issues. The following security issues were fixed: - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1219078). - CVE-2023-42753: Fixed an array indexing vulnerability i...
GHSA-3RQ5-2G8H-59HC Potential DoS via the Tudoor mechanism in eventlet and dnspython
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in whic...
PT-2024-3030 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 8.3.0 through 8.3.4 Description: The issue is related to the function mb_encode_mimeheader in PHP, which can run endlessly for certain inputs containing long strings of non-space characters followed by a space. This could lead to...
CVE-2024-31309
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames...
CVE-2024-31309 Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames...
K000139236: Apache Traffic Server HTTP/2 CONTINUATION DoS attack vulnerability CVE-2024-31309
Security Advisory Description HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. CVE-2024-31309 Impact There is no impact; F5 products are not affected by this...
Mageia: Security Advisory (MGASA-2024-0081)
The remote host is missing an update for the...