76 matches found
EUVD-2021-24764
Malware in sbrugna...
EUVD-2024-1533
Malicious code in bioql PyPI...
CVE-2025-3263
CVE-2025-3263 in Hugging Face Transformers (get_configuration_file in transformers.configuration_utils) is a RegEx Denial of Service triggered by the pattern config.(.*).json. The issue affects v4.49.0 and is resolved in v4.51.0. Exploitation can cause high CPU usage, potentially disrupting model...
Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2025-970)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-970 advisory. Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted inpu...
CVE-2025-31354
Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters...
SUSE: Security Advisory (SUSE-SU-2025:0813-1)
The remote host is missing an update for the...
SUSE SLES15 Security Update : buildah (SUSE-SU-2025:0813-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0813-1 advisory. - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an...
Linux Distros Unpatched Vulnerability : CVE-2023-29407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU...
SUSE-SU-2025:0579-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227052 - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...
SUSE-SU-2025:0458-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227052 - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : skopeo (SUSE-SU-2025:0420-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0420-1 advisory. - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizi...
SUSE-SU-2025:0420-1 Security update for skopeo
This update for skopeo fixes the following issues: - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. bsc1227056 - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of...
Oracle Enterprise Manager Cloud Control (January 2025 CPU)
The 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by a vulnerability as referenced in the January 2025 CPU advisory. - An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6,...
Denial Of Service (DoS)
Tornado is vulnerable to a Denial of Service (DoS). The vulnerability is due to the HTTP cookie parsing algorithm having quadratic complexity, allowing maliciously crafted cookie headers to cause excessive CPU consumption and block the processing of other requests...
Amazon Linux 2 : python3-tornado (ALAS-2025-2725)
The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2725 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Torna...
Debian dla-4007 : python-tornado-doc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4007 advisory. Debian LTS Advisory DLA-4007-1...
Tornado has an HTTP cookie parsing DoS vulnerability
The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. See...
Next.js security vulnerability
Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in Next.js that stems from excessive CPU consumption...
Uncontrolled Resource Consumption
Apache Commons IO is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to excessive CPU consumption caused by the org.apache.commons.io.input.XmlStreamReader class when processing maliciously crafted input...
DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server
This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...