
2987 matches found

Github Security Blog
added 2024/07/22 5:30 p.m. · 9 views

DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks

Impact: Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches: Users should upgrade to dnsjava v3.6.0. Workarounds: Although not recommended, only using a non-validating resolver will remove the vulnerability...

7.5 CVSS · 7.1 AI score · 0.99995 EPSS
Exploits 0 · References 6 · Affected Software 2

vulnersOsv
added 2024/07/22 5:30 p.m. · 9 views

com.netki:wallet-name-resolver (>=0.0.2 <=0.1.3), org.id4me:relying-party-api (>=1.0 <=2.19) potentially affected by CVE-2023-50387 via org.jitsi:dnssecjava (>=1.0 <=2.0.0)

org.jitsi:dnssecjava MAVEN version =1.0, =0.0.2, =1.0, =2.19 Source cves: CVE-2023-50387 Source advisory: OSV:GHSA-CRJG-W57M-RQQF...

7.5 CVSS · 7 AI score · 0.99995 EPSS
Exploits 0

vulnersOsv
added 2024/07/22 2:46 p.m. · 5 views

com.netki:wallet-name-resolver (>=0.0.2 <=0.1.3), org.id4me:relying-party-api (>=1.0 <=2.19) potentially affected by CVE-2023-50868 via org.jitsi:dnssecjava (>=1.0 <=2.0.0)

org.jitsi:dnssecjava MAVEN version =1.0, =0.0.2, =1.0, =2.19 Source cves: CVE-2023-50868 Source advisory: OSV:GHSA-MMWX-RJ87-VFGR...

7.5 CVSS · 7 AI score · 0.81729 EPSS
Exploits 1

Github Security Blog
added 2024/07/22 2:46 p.m. · 10 views

DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources

Impact: Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches: Users should upgrade to dnsjava v3.6.0. Workarounds: Although not recommended, only using a non-validating resolver will remove the vulnerability...

7.5 CVSS · 7.1 AI score · 0.81729 EPSS
Exploits 1 · References 5 · Affected Software 2

OSV
added 2024/07/22 2:46 p.m. · 6 views

GHSA-MMWX-RJ87-VFGR DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources

Impact: Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches: Users should upgrade to dnsjava v3.6.0. Workarounds: Although not recommended, only using a non-validating resolver will remove the vulnerability...

7.1 CVSS · 6.8 AI score · 0.81729 EPSS
Exploits 1 · References 5

OSV
added 2024/07/22 2:33 p.m. · 23 views

GHSA-CFXW-4H78-H7FW DNSJava DNSSEC Bypass

Summary: Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. Details: DNS Messages are not authenticated. They do not guarantee that: received RRs are authentic; not received RRs do not exist; all or any received...

8.9 CVSS · 8.3 AI score · 0.00392 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/07/22 12:0 a.m. · 4 views

PT-2024-21058 · Dnsjava +2 · Dnsjava +2

Name of the Vulnerable Software and Affected Versions: dnsjava versions prior to 3.6.0. Description: The issue arises from dnsjava not checking the relevance of records in DNS replies to the query, allowing an attacker to respond with records from different zones. This can lead to applications...

8.9 CVSS · 7.8 AI score · 0.00392 EPSS
Exploits 0 · References 21

OpenVAS
added 2024/07/16 12:0 a.m. · 20 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1903)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS · 6.3 AI score · 0.0075 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/07/03 12:0 a.m. · 27 views

CBL Mariner 2.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31147)

The version of c-ares / fluent-bit / grpc / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31147 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom a...

6.5 CVSS · 6.8 AI score · 0.00905 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/07/03 12:0 a.m. · 30 views

CBL Mariner 2.0 Security Update: bind (CVE-2023-6516)

The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6516 advisory. - To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up t...

7.5 CVSS · 7.4 AI score · 0.01097 EPSS
Exploits 0 · References 2

RedHat Linux
added 2024/06/27 1:6 p.m. · 3 views

dnspython: denial of service in stub resolver

The dnspython stub resolver is vulnerable to a denial of service (DoS) risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another...

7 CVSS · 7.4 AI score · 0.01857 EPSS
Exploits 1 · References 5

Veracode
added 2024/06/18 6:29 a.m. · 12 views

Prototype Pollution

@apphp/object-resolver is vulnerable to Prototype Pollution. The vulnerability is due to manipulation of the prototype via the function Module.setNestedProperty, potentially allowing attackers to modify object properties to execute arbitrary code...

8.3 CVSS · 7.5 AI score · 0.00423 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/06/17 10:30 p.m. · 23 views

GHSA-64JQ-M7RQ-768H Rancher's External RoleTemplates can lead to privilege escalation

Impact: A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...

7.5 CVSS · 6.7 AI score · 0.00508 EPSS
Exploits 0 · References 4

Github Security Blog
added 2024/06/17 10:30 p.m. · 25 views

Rancher's External RoleTemplates can lead to privilege escalation

Impact: A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...

7.5 CVSS · 6.2 AI score · 0.00493 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/06/17 6:31 p.m. · 8 views

GHSA-QJ86-V6M7-4QV2 Object Resolver Prototype Pollution

apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...

8.3 CVSS · 8.2 AI score · 0.00423 EPSS
Exploits 0 · References 4

Github Security Blog
added 2024/06/17 6:31 p.m. · 22 views

Object Resolver Prototype Pollution

apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...

8.3 CVSS · 6.7 AI score · 0.00423 EPSS
Exploits 0 · References 4 · Affected Software 1

NVD
added 2024/06/17 4:15 p.m. · 18 views

CVE-2024-36577

apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...

8.3 CVSS · 0.00423 EPSS
Exploits 0 · References 1

CVE
added 2024/06/17 12:0 a.m. · 49 views

CVE-2024-36577

The vulnerability affects apphp/js-object-resolver prior to version 3.1.1. It enables Prototype Pollution via Module.setNestedProperty, potentially allowing an attacker to modify object properties and, per Veracode, potentially execute arbitrary code. Remediation: upgrade to 3.1.1 or later.

8.3 CVSS · 6.8 AI score · 0.00423 EPSS
Exploits 0 · References 1

CNNVD
added 2024/06/17 12:0 a.m. · 3 views

Object Resolver Security Vulnerability

Object Resolver is a general-purpose feature by Samuel Akopyan Personal Developer. It is used to handle nested attributes in JavaScript objects of unlimited depth. A security vulnerability exists in Object Resolver versions prior to 3.1.1, which stems from allowing an attacker to cause prototype...

8.3 CVSS · 6.7 AI score · 0.00423 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/06/17 12:0 a.m. · 6 views

PT-2024-27076 · Unknown · Js-Object-Resolver

Name of the Vulnerable Software and Affected Versions: js-object-resolver versions prior to 3.1.1. Description: The issue allows for Prototype Pollution via the setNestedProperty function of the Module. This can potentially lead to unintended behavior or security issues. Recommendations: For...

8.3 CVSS · 7.3 AI score · 0.00423 EPSS
Exploits 0 · References 5