4657 matches found
PT-2023-4553 · Openssl +7 · Openssl +7
Name of the Vulnerable Software and Affected Versions: OpenSSL affected versions not specified Description: The AES-SIV cipher implementation in OpenSSL contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. This issue can mislead...
PT-2023-33031 · Amazon · S2N-Quic
Name of the Vulnerable Software and Affected Versions: s2n-quic version 1.22.0 Description: An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection. No AWS services are affected, and customers of AWS services do not need to take action...
Profile Enforcement Bypass
k8s.io/kubernetes is vulnerable to Profile Enforcement Bypass. The vulnerability exists because the library does not properly define the seccomp type for the local host, which allows an attacker to bypass the seccomp profile enforcement by passing an empty profile...
The vulnerability of the xmlDictComputeFastKey function (dict.c) in the Libxml2 library allows a hacker to cause a service failure.
The vulnerability of the xmlDictComputeFastKey function in the dict.c file of the Libxml2 library is related to a memory reclamation issue when working with empty string hash dictionaries. Exploiting this vulnerability could allow an attacker to cause service interruptions...
SUSE CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined seccomp...
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined seccomp...
UBUNTU-CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined seccomp...
PT-2023-3615 · Kubelet +2 · Kubelet +2
Name of the Vulnerable Software and Affected Versions: Kubelet affected versions not specified Description: A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field ar...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
CVE-2023-31994
Certain Hanwha products are vulnerable to Denial of Service DoS. ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service DoS via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.0...
CVE-2023-31994
Certain Hanwha products are vulnerable to Denial of Service DoS. ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service DoS via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.0...
PT-2023-23559 · Hanwha · Hanwha Ip Camera Ane-L7012R +1
Name of the Vulnerable Software and Affected Versions: Hanwha IP Camera ANE-L7012R version 1.41.01 Hanwha IP Camera XNV-9082R version 2.10.02 Description: The issue is related to a Denial of Service DoS condition. It occurs when an empty UDP packet is sent to the listening service, causing the...
Moderate: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
DEBIAN-CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...