EUVD-2024-3471
Malicious code in bioql PyPI...
SUSE CVE-2024-12401
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manag...
Denial Of Service (DoS)
github.com/cert-manager/cert-manager is vulnerable to Denial Of Service (DoS). The vulnerability is due to the way cert-manager processes specially crafted invalid PEM data using the pem.Decode function in the standard library, which allows an attacker who can modify PEM data read by cert-manager—such as...
AZL-54324 CVE-2024-12401 affecting package cert-manager for versions less than 1.12.15-1
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manag...
CVE-2024-12401
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manag...
AZL-54313 CVE-2024-12401 affecting package cert-manager for versions less than 1.11.2-18
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manag...
CVE-2024-12401
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manag...
CVE-2024-12401 cert-manager: potential DoS when parsing specially crafted PEM inputs
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manag...
CVE-2024-12401
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manag...
PT-2024-17578 · Unknown · Cert-Manager
Name of the Vulnerable Software and Affected Versions: cert-manager versions prior to 1.12.14; cert-manager versions prior to 1.15.4; cert-manager versions prior to 1.16.2. Description: A flaw was found in the cert-manager package, allowing an attacker who can modify PEM data that the cert-manager...
Fedora 40 : chisel (2023-b29031a7aa)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b29031a7aa advisory. Automatic update for chisel-1.9.0-1.fc40. Changelog Sun Aug 20 2023 Filipe Rosset - 1.9.0-1 - Update to 1.9.0 fixes rhbz2113146 rhbz2163065...
AZL-37085 CVE-2024-28835 affecting package gnutls for versions less than 3.7.11-1
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...
BIT-GOLANG-2022-24675
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data...
Security Bulletin: IBM Spectrum Symphony openssl 1.1.1 End of Life
Summary: IBM Spectrum Symphony openssl 1.1.1 End of Life. Vulnerability Details: CVEID: CVE-2023-0464. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By creating a specially crafted...
Security Bulletin: OpenSSL for IBM i is vulnerable to denial of service attacks and the ability for remote attacker to obtain sensitive information due to multiple vulnerabilities.
Summary: OpenSSL for IBM i is vulnerable to a denial of service caused by error in certificate verification (CVE-2023-0464), a denial of service caused by arbitrary pointers to memcmp (CVE-2023-0286), denial of service caused by a double-free error (CVE-2022-4450), denial of service caused by...
Security Bulletin: IBM Aspera faspio Gateway 1.3.2 has addressed multiple openssl vulnerabilities (CVE-2023-0401, CVE-2022-4203, CVE-2022-4304, CVE-2023-0216, CVE-2023-0215, CVE-2022-4450, CVE-2023-0217, CVE-2023-0286)
Summary: This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera faspio Gateway 1.3.2. Vulnerability Details: CVEID: CVE-2023-0401. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference during PKCS7 data verification....
USN-5844-1: OpenSSL vulnerabilities | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL...
Ubuntu: Security Advisory (USN-5844-1)
The remote host is missing an update for the...
USN-5844-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Corey Bonnell discovered that OpenSSL incorrectly handl...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2610)
The remote host is missing an update for the Huawei EulerOS...