2987 matches found
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...
com.netki:wallet-name-resolver (>=0.0.2 <=0.1.3), org.id4me:relying-party-api (>=1.0 <=2.19) potentially affected by CVE-2023-50387 via org.jitsi:dnssecjava (>=1.0 <=2.0.0)
org.jitsi:dnssecjava MAVEN version =1.0, =0.0.2, =1.0, =2.19 Source cves: CVE-2023-50387 Source advisory: OSV:GHSA-CRJG-W57M-RQQF...
com.netki:wallet-name-resolver (>=0.0.2 <=0.1.3), org.id4me:relying-party-api (>=1.0 <=2.19) potentially affected by CVE-2023-50868 via org.jitsi:dnssecjava (>=1.0 <=2.0.0)
org.jitsi:dnssecjava MAVEN version =1.0, =0.0.2, =1.0, =2.19 Source cves: CVE-2023-50868 Source advisory: OSV:GHSA-MMWX-RJ87-VFGR...
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...
GHSA-MMWX-RJ87-VFGR DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...
GHSA-CFXW-4H78-H7FW DNSJava DNSSEC Bypass
Summary Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. Details DNS Messages are not authenticated. They do not guarantee that - received RRs are authentic - not received RRs do not exist - all or any received...
PT-2024-21058 · Dnsjava +2 · Dnsjava +2
Name of the Vulnerable Software and Affected Versions: dnsjava versions prior to 3.6.0 Description: The issue arises from dnsjava not checking the relevance of records in DNS replies to the query, allowing an attacker to respond with records from different zones. This can lead to applications...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1903)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CBL Mariner 2.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31147)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31147 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom a...
CBL Mariner 2.0 Security Update: bind (CVE-2023-6516)
The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6516 advisory. - To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up t...
dnspython: denial of service in stub resolver
The dnspython stub resolver is vulnerable to a denial of service DoS risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another...
Prototype Pollution
@apphp/object-resolver is vulnerable to Prototype Pollution. The vulnerability is due to manipulation of the prototype via the function Module.setNestedProperty, potentially allowing attackers to modify object properties to execute arbitrary code...
GHSA-64JQ-M7RQ-768H Rancher's External RoleTemplates can lead to privilege escalation
Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...
Rancher's External RoleTemplates can lead to privilege escalation
Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...
GHSA-QJ86-V6M7-4QV2 Object Resolver Prototype Pollution
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
Object Resolver Prototype Pollution
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
CVE-2024-36577
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
CVE-2024-36577
The vulnerability affects apphp/js-object-resolver prior to version 3.1.1. It enables Prototype Pollution via Module.setNestedProperty, potentially allowing an attacker to modify object properties and, per Veracode, potentially execute arbitrary code. Remediation: upgrade to 3.1.1 or later.
Object Resolver Security Vulnerability
Object Resolver is a general-purpose feature by Samuel Akopyan Personal Developer. It is used to handle nested attributes in JavaScript objects of unlimited depth. A security vulnerability exists in Object Resolver versions prior to 3.1.1, which stems from allowing an attacker to cause prototype...
PT-2024-27076 · Unknown · Js-Object-Resolver
Name of the Vulnerable Software and Affected Versions: js-object-resolver versions prior to 3.1.1 Description: The issue allows for Prototype Pollution via the setNestedProperty function of the Module. This can potentially lead to unintended behavior or security issues. Recommendations: For...