Lucene search
K

825 matches found

RedHat Linux
RedHat Linux
added 2023/05/24 5:13 p.m.7 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.4AI score0.99931EPSS
Exploits41References7
F5 Networks
F5 Networks
added 2023/05/20 11:37 a.m.32 views

K000134706: Python IDNA vulnerability CVE-2022-45061

Security Advisory Description An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of...

7.5CVSS6.8AI score0.02453EPSS
Exploits1Affected Software5
Tenable Nessus
Tenable Nessus
added 2023/05/19 12:0 a.m.34 views

AlmaLinux 8 : python27:2.7 (ALSA-2023:2860)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2860 advisory. Python: CPU denial of service via inefficient IDNA decoder CVE-2022-45061 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

7.5CVSS6.9AI score0.02453EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/05/16 8:33 a.m.6 views

python: CPU denial of service via inefficient IDNA decoder

A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...

7.5CVSS6.9AI score0.02453EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.40 views

EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2023-1896)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows...

9.8CVSS7.6AI score0.05193EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.31 views

CentOS 8 : python38:3.8 and python38-devel:3.8 (CESA-2023:2763)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2763 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to pars...

7.5CVSS6.9AI score0.03502EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/05/08 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2023-1729)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.52063EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/04/27 12:0 a.m.35 views

EulerOS Virtualization 2.9.1 : python3 (EulerOS-SA-2023-1646)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows...

9.8CVSS7.6AI score0.05193EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/04/17 12:0 a.m.32 views

Fortinet Fortigate Lack of certificate verification when establishing secure connections with threat feed fabric connectors (FG-IR-22-257)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-257 advisory. - An improper certificate validation vulnerability CWE-295 in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all...

7.4CVSS7.3AI score0.00276EPSS
Exploits0References2
Amazon
Amazon
added 2023/04/05 12:0 a.m.48 views

Important: python38

Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...

7.5CVSS8.2AI score0.20459EPSS
Exploits4
Veracode
Veracode
added 2023/04/04 3:46 a.m.23 views

Prototype Pollution

matrix-react-sdk is vulnerable to Prototype Pollution. The vulnerability exists because, in certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype which may lead to an application crash...

8.2CVSS7.8AI score0.00712EPSS
Exploits0References3Affected Software2
Fedora
Fedora
added 2023/04/03 12:18 a.m.38 views

[SECURITY] Fedora 38 Update: libldb-2.7.2-1.fc38

An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases...

7.7CVSS5.6AI score0.00719EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/30 8:19 p.m.67 views

Prototype pollution in matrix-js-sdk (part 2)

Impact In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-js-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...

8.2CVSS6.6AI score0.01185EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2023/03/29 7:34 p.m.43 views

GHSA-6G43-88CP-W5GV Prototype pollution in matrix-react-sdk

Impact In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...

8.2CVSS6AI score0.00712EPSS
Exploits0References5
NVD
NVD
added 2023/03/28 9:15 p.m.32 views

CVE-2023-28103

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

8.2CVSS7.9AI score0.00712EPSS
Exploits0References2
Prion
Prion
added 2023/03/28 9:15 p.m.25 views

Design/Logic Flaw

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

6.4CVSS7.7AI score0.00712EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/28 8:37 p.m.36 views

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

8.2CVSS8.1AI score0.00712EPSS
Exploits0References2
OSV
OSV
added 2023/03/28 8:37 p.m.27 views

CVE-2023-28103 Prototype pollution in matrix-react-sdk

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

8.2CVSS7.8AI score0.00712EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2023/03/28 8:37 p.m.51 views

CVE-2023-28103

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

8.2CVSS7.9AI score0.00712EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/03/21 4:46 p.m.27 views

K000133094: cURL vulnerability CVE-2020-8177

Security Advisory Description curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. CVE-2020-8177 Impact The highest threat from this vulnerability is to file integrity. This may...

7.8CVSS7.3AI score0.01236EPSS
Exploits1Affected Software3
Rows per page
Query Builder