68 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-24764

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.0028
Exploits: 1 | References: 2

Tenable Nessus
added 2025/05/13 12:0 a.m., 5 views

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2025-970)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-970 advisory. Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted inpu...

CVSS 4.3 | AI score 6.5 | EPSS 0.00127
Exploits: 0 | References: 4

NVD
added 2025/04/11 4:15 p.m., 5 views

CVE-2025-31354

Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters...

CVSS 5.3 | EPSS 0.0017
Exploits: 0 | References: 1

OpenVAS
added 2025/03/13 12:0 a.m., 6 views

SUSE: Security Advisory (SUSE-SU-2025:0813-1)

The remote host is missing an update for the...

CVSS 8.7 | AI score 8.2 | EPSS 0.69905
Exploits: 1 | References: 5

OSV
added 2025/02/18 1:0 p.m., 10 views

SUSE-SU-2025:0579-1 Security update for podman

This update for podman fixes the following issues:
- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files (bsc#1227052)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

CVSS 7.5 | AI score 8.7 | EPSS 0.69905
Exploits: 1 | References: 5

OSV
added 2025/02/12 12:2 p.m., 7 views

SUSE-SU-2025:0458-1 Security update for podman

This update for podman fixes the following issues:
- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files (bsc#1227052)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

CVSS 7.5 | AI score 6.8 | EPSS 0.69905
Exploits: 1 | References: 5

Tenable Nessus
added 2025/02/12 12:0 a.m., 10 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : skopeo (SUSE-SU-2025:0420-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0420-1 advisory. - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizi...

CVSS 7.5 | AI score 7.6 | EPSS 0.69905
Exploits: 1 | References: 7

OSV
added 2025/02/11 10:27 a.m., 11 views

SUSE-SU-2025:0420-1 Security update for skopeo

This update for skopeo fixes the following issues:
- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files (bsc#1227056)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...

CVSS 7.5 | AI score 6.7 | EPSS 0.69905
Exploits: 1 | References: 5

Tenable Nessus
added 2025/01/23 12:0 a.m., 32 views

Oracle Enterprise Manager Cloud Control (January 2025 CPU)

The 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by a vulnerability as referenced in the January 2025 CPU advisory. - An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00252
Exploits: 0 | References: 3

Tenable Nessus
added 2025/01/09 12:0 a.m., 30 views

Amazon Linux 2 : python3-tornado (ALAS-2025-2725)

The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2725 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Torna...

CVSS 7.5 | AI score 7.2 | EPSS 0.0016
Exploits: 0 | References: 4

Tenable Nessus
added 2025/01/01 12:0 a.m., 11 views

Debian dla-4007 : python-tornado-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4007 advisory. Debian LTS Advisory DLA-4007-1...

CVSS 7.5 | AI score 6.8 | EPSS 0.005
Exploits: 0 | References: 6

Github Security Blog
added 2024/11/22 8:26 p.m., 70 views

Tornado has an HTTP cookie parsing DoS vulnerability

The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. See...

CVSS 7.5 | AI score 6.7 | EPSS 0.0016
Exploits: 0 | References: 5 | Affected Software: 1

Atlassian
added 2024/08/15 8:11 p.m., 21 views

DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server

This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.6 | EPSS 0.00252
Exploits: 0

Github Security Blog
added 2024/07/09 9:14 p.m., 52 views

Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability

Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

CVSS 7.5 | AI score 6.8 | EPSS 0.02007
Exploits: 0 | References: 4 | Affected Software: 13

RedhatCVE
added 2024/07/01 8:20 p.m., 33 views

CVE-2023-42503

A flaw was found in Apache Commons Compress, where it would permit the creation of a malformed TAR file by manipulating file modification time headers. This issue can lead to excessive CPU consumption and a denial of service, affecting the availability...

CVSS 5.5 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 4

NVD
added 2024/06/06 7:16 p.m., 10 views

CVE-2024-5552

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes th...

CVSS 7.5 | EPSS 0.00416
Exploits: 1 | References: 1

CVE
added 2024/05/09 4:17 a.m., 1036 views

CVE-2024-29857

CVE-2024-29857 (open vulnerability in Bouncy Castle family). An issue in ECCurve.java/ECCurve.cs can allow an EC certificate with crafted F2m parameters to trigger excessive CPU usage while evaluating curve parameters. Affected products/versions include BC Java before 1.78, BC Java LTS before 2.7...

CVSS 7.5 | AI score 6.4 | EPSS 0.00252
Exploits: 0 | References: 4

Cvelist
added 2024/05/09 4:17 a.m., 40 views

CVE-2024-29857

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

AI score 6.6 | EPSS 0.00252
Exploits: 0 | References: 3

Positive Technologies
added 2024/04/22 12:0 a.m., 1 view

PT-2024-5034

Name of the Vulnerable Software and Affected Versions:
- Bouncy Castle Java (BC Java) versions 1.78 and earlier
- Bouncy Castle Java LTS (BC Java LTS) versions 2.73.6 and earlier
- Bouncy Castle FIPS Java API (BC-FJA) versions 1.0.2.5 and earlier
- Bouncy Castle C# .Net versions 2.3.1 and earlier
- Bamboo Data...

CVSS 7.5 | AI score 7.4 | EPSS 0.00326
Exploits: 0 | References: 38

Tenable Nessus
added 2024/02/29 12:0 a.m., 51 views

CentOS 9 : buildah-1.30.0-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the buildah-1.30.0-2.el9 build changelog. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

CVSS 9.8 | AI score 7.5 | EPSS 0.00759
Exploits: 1 | References: 11