Linux Distros Unpatched Vulnerability : CVE-2017-14634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libsndfile 1.0.28, a divide-by-zero error exists in the function double64init in double64.c, which may lead to DoS when playing a crafted audio file...

MGASA-2024-0360 Updated curl packages fix security vulnerability

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

CVE-2024-47188 Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker...

CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...

CVE-2024-9953

CERT VINCE before version 3.0.8 is affected by a DoS vulnerability where an authenticated administrative user can inject an arbitrary pickle object into a user profile. Accessing the profile may trigger a DoS condition, even though Django restricts unpickling to prevent crashes. Reported in multi...

CVE-2023-28455

An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS...

CVE-2023-28456

Summary: Technitium DNS Server (through version 11.0.2) is affected by a vulnerability that enables amplification attacks and potential DoS. The root cause involves the software’s handling that allows amplified traffic generation; the public descriptions and Red Hat/CNNVD entries corroborate the ...

CVE-2023-28455

The CVE-2023-28455 issue affects Technitium DNS Server (up to v11.0.2). The root cause is a forwarding mode pattern that can create query loops in Technitium resolvers, enabling amplification and potential DoS. Documented impacts describe denial-of-service risk due to network-based query looping....

RHEL 8 : python-idna (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Note...

BIT-GITLAB-2021-39907

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage...

FreeBSD : zeek -- potential DoS vulnerability (fedf7e71-61bd-49ec-aaf0-6da14bdbb319)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fedf7e71-61bd-49ec-aaf0-6da14bdbb319 advisory. - Tim Wojtulewicz of Corelight reports: A specially-crafted series of packets containing nested MIME...

CVE-2023-6180

The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The setexdata function used by the library did not deallocate memory used by pre-existing data in memory each time after completin...

FreeBSD : zeek -- potential DoS vulnerabilities (386a14bb-1a21-41c6-a2cf-08d79213379b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 386a14bb-1a21-41c6-a2cf-08d79213379b advisory. - Tim Wojtulewicz of Corelight reports: A specially-crafted SSL packet could cause Zeek to leak memory...

encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

Impact The length of URIs and the various parts eg path segments, query parameters is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are : - path segment length: 8192 - Max URI length: 1024 12 - Max query length: 1024 10 See...

encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

Impact The length of URIs and the various parts eg path segments, query parameters is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are : - path segment length: 8192 - Max URI length: 1024 12 - Max query length: 1024 10 See...

FreeBSD : zeek -- potential DoS vulnerabilities (8eefa87f-31f1-496d-bf8e-2b465b6e4e8a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8eefa87f-31f1-496d-bf8e-2b465b6e4e8a advisory. - Tim Wojtulewicz of Corelight reports: File extraction limits were not correctly enforced for files...

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via ProjectReferenceFilter in any Markdown fields ReDoS via AutolinkFilter in any Markdown fields Regex DoS in Harbor Registry search Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality Stored XSS in Web IDE Beta...

M-02 Unmitigated

Lines of code Vulnerability details Original Issue code-423n4/2023-06-angle-findings31 Details It shows LibGetters.getCollateralRatio might return the incorrect ratio due to the unsafe cast. Mitigation PR: AngleProtocol/angle-transmuter@6f2ffcb During the mitigation, it uses the safeCast library...

CKAN 2.10.x < 2.10.1 Multiples Vulnerabilities

According to its self-reported version number, the CKAN application running on the remote host is prior to 2.9.9 or 2.10.x prior to 2.10.1. It is, therefore, affected by multiples vulnerabilities : - An Arbitrary File Write in resourcecreate and packageupdate actions, using the ResourceUploader...

CVE-2023-32321

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also...