Lucene search
K

182 matches found

RedhatCVE
RedhatCVE
added 2023/11/23 1:57 a.m.95 views

CVE-2023-46673

A flaw was found in Elasticsearch. A malicious script used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Mitigation No mitigation is yet available for this flaw...

7.5CVSS6.8AI score0.00844EPSS
Exploits0References4
OSV
OSV
added 2023/11/22 12:30 p.m.3 views

GHSA-285M-VHFQ-XX4H Elasticsearch Improper Handling of Exceptional Conditions

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

6.5CVSS7.1AI score0.00844EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/11/22 12:30 p.m.40 views

Elasticsearch Improper Handling of Exceptional Conditions

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

7.5CVSS7.1AI score0.00844EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/11/22 10:15 a.m.23 views

CVE-2023-46673

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

7.5CVSS0.00844EPSS
Exploits0References2
OSV
OSV
added 2023/11/22 10:15 a.m.7 views

CVE-2023-46673

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

7.5CVSS7.4AI score
Exploits0References2
Prion
Prion
added 2023/11/22 10:15 a.m.28 views

Code injection

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...

5CVSS6.9AI score0.00844EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.4 views

Elasticsearch Security Vulnerabilities

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from the use of misformatted scripts in the script handler of the ingestion pipeline, which causes nodes to crash...

7.5CVSS6.8AI score0.00844EPSS
Exploits0References3
OSV
OSV
added 2023/10/31 3:2 p.m.19 views

CVE-2023-46239 quic-go vulnerable to pointer dereference that can lead to panic

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

7.5CVSS7.3AI score0.00765EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/10/12 1:33 p.m.6 views

mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...

7.5CVSS5.8AI score0.02021EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/09/19 2:43 p.m.7 views

mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...

7.5CVSS5.8AI score0.02021EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/31 9:36 a.m.7 views

nodejs: process interuption due to invalid Public Key information in x509 certificates

A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as...

5.3CVSS7AI score0.01157EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.3 views

Sails.js 安全漏洞

Sails.js is a Node.js-based web application framework from Sails, Inc. in the United States. A security vulnerability exists in Sails.js versions prior to 1.5.7, which originates in a Sails application, where an attacker can send a virtual request that causes the node process to crash...

7.5CVSS7.4AI score0.0076EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.4 views

PT-2023-3652 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 versions 2 Description: The issue is related to errors in resource release, which can be exploited to cause a denial of service. A malicious user can potentially exploit this issue remotely, leading to a crash of the ROS2 nodes...

6.8CVSS7AI score
Exploits0References10
OSV
OSV
added 2023/05/23 7:55 p.m.4 views

GHSA-CQMJ-92XF-R6R9 Insufficient validation when decoding a Socket.IO packet

Impact A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. TypeError: Cannot convert object to primitive value at Socket.emit node:events:507:25 at .../nodemodules/socket.io/lib/socket.js:531:14 Patches A fix has been...

7.3CVSS7AI score0.01059EPSS
Exploits0References8
OSV
OSV
added 2022/11/22 1:15 a.m.4 views

AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...

6.5CVSS7.3AI score0.01939EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.3 views

PT-2022-36714 · Apple · Apfs

Name of the Vulnerable Software and Affected Versions: APFS affected versions not specified Description: The issue is related to a crash type of UNKNOWN READ in the APFSJObjBtreeNode::find function. The crash state involves the APFSBtreeNodeIterator and APFSJObjTree::obj. No information is provid...

6.9AI score
Exploits0References2
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.90 views

ZEIT Next.js 代码问题漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in ZEIT Next.js that stems from the fact that when a specific request is sent to the Next.js server, it may cause an unhandledRejection in the server,...

5.3CVSS8.5AI score0.00999EPSS
Exploits0References3
Veracode
Veracode
added 2022/08/19 6:40 a.m.17 views

Denial Of Service (DoS)

github.com/hyperledger/fabric is vulnerable to denial of service DoS attacks. Lack of validations in getChannelAndChaincodeFromSignedProposal function may cause a peer node crash when a gateway client application sends a malformed request to a gateway peer...

7CVSS5.2AI score0.00912EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2022/08/18 12:0 a.m.83 views

CVE-2022-36023

CVE-2022-36023 affects Hyperledger Fabric (gateway component). A malformed gateway request to a gateway peer can cause the peer to crash. The issue is addressed by upgrading to version 2.4.6, which implements input validation and returns an error to the gateway client instead of crashing. No publ...

7CVSS5.8AI score0.00912EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/07/08 5:6 p.m.16 views

GHSA-72X4-CQ6R-JP4P Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request

Impact If a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. This fix checks for the malformed consensus request and returns an error to the consensus client. Specific Go Packages Affected github.com/hyperledger/fabric/orderer/common/cluster Patche...

7.5CVSS7.3AI score0.01937EPSS
Exploits0References6
Rows per page
Query Builder