223 matches found

Cvelist
added 2024/01/18 6:45 p.m. | 31 views

CVE-2024-22419 concat built-in can corrupt memory in vyper

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the buildIR for concat doesn't properly adhere to the API of co...

7.3 CVSS | 10 AI score | 0.0077 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2024/01/05 12:0 a.m. | 33 views

openSUSE 15 Security Update : proftpd (openSUSE-SU-2024:0008-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0008-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.5 CVSS | 7.2 AI score | 0.93305 EPSS
Exploits 5 | References 7
SUSE CVE
added 2023/12/23 2:38 a.m. | 1 view

SUSE CVE-2023-51713

makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

7.5 CVSS | 9.3 AI score | 0.04249 EPSS
Exploits 1 | References 4
Prion
added 2023/12/22 3:15 a.m. | 17 views

Out-of-bounds

makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

5 CVSS | 7.1 AI score | 0.04249 EPSS
Exploits 1 | References 3 | Affected Software 1
Debian CVE
added 2023/12/22 12:0 a.m. | 46 views

CVE-2023-51713

makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

7.5 CVSS | 7.6 AI score | 0.04249 EPSS
Exploits 1
Cvelist
added 2023/12/22 12:0 a.m. | 33 views

CVE-2023-51713

makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

7.6 AI score | 0.04249 EPSS
Exploits 1 | References 3
IBM Security Bulletins
added 2023/11/08 12:37 p.m. | 41 views

Security Bulletin: A vulnerability in Node.js http-cache-semantics package affects Data Replication on Cloud Pak for Data

Summary A vulnerability in Node.js http-cache-semantics package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of...

7.5 CVSS | 6.8 AI score | 0.01613 EPSS
Exploits 1 | Affected Software 1
Spring Security Advisories
added 2023/10/16 12:0 a.m. | 13 views

Apache Kafka’s Exactly-Once Semantics in Spring Cloud Stream Kafka Applications

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...

6.6 AI score
Exploits 0
RedHat Linux
added 2023/10/09 10:29 a.m. | 6 views

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

7.5 CVSS | 7.1 AI score | 0.01613 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2023/10/09 12:0 a.m. | 45 views

RHEL 9 : nodejs (RHSA-2023:5533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5533 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.8 CVSS | 7.1 AI score | 0.03906 EPSS
Exploits 5 | References 29
IBM Security Bulletins
added 2023/09/15 8:18 a.m. | 22 views

Security Bulletin: IBM Operational Decision Manager August 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-2047...

9.8 CVSS | 9.2 AI score | 0.17673 EPSS
Exploits 8 | Affected Software 1
OSV
added 2023/09/02 11:5 a.m. | 5 views

OESA-2023-1551 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.8 CVSS | 7.4 AI score | 0.77278 EPSS
Exploits 7 | References 15
IBM Security Bulletins
added 2023/08/29 5:28 p.m. | 51 views

Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and improper file download via http-cache-semantics, Gin-Gonic, and YAML (CVE-2022-25881, CVE-2023-2251, CVE-2023-29401)

Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be vulnerable to denial of service via http-cache-semantics, denial of service via TypeScript's yaml and improper file attachment download for Node.js's http-cache-semantics as...

7.5 CVSS | 6.6 AI score | 0.01613 EPSS
Exploits 4 | Affected Software 1
IBM Security Bulletins
added 2023/07/28 1:39 a.m. | 63 views

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to multiple vulnerabilities

Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities, based on current information, in the following 3rd-party components: Stanford coreNLP, FasterXML jackson-databind, SnakeYAML, Dromera Hutool, jsoup, Node.js vm2 and Node.js http-cache-semantics. These...

10 CVSS | 9.5 AI score | 0.72087 EPSS
Exploits 27 | Affected Software 1
IBM Security Bulletins
added 2023/07/24 5:23 p.m. | 28 views

Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Node.js http-cache-semantics module which is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression...

7.5 CVSS | 6.8 AI score | 0.01613 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2023/06/30 6:28 p.m. | 19 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js http-cache-semantics module denial of service (CVE-2022-25881)

Summary Potential Node.js http-cache-semantics module denial of service CVE-2022-25881 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js...

7.5 CVSS | 6.8 AI score | 0.01613 EPSS
Exploits 1
RedHat Linux
added 2023/06/27 11:28 a.m. | 58 views

Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]

An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...

9.8 CVSS | 6.7 AI score | 0.19653 EPSS
Exploits 3 | References 10
RedHat Linux
added 2023/06/27 11:28 a.m. | 5 views

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

7.5 CVSS | 7.1 AI score | 0.01613 EPSS
Exploits 1 | References 4
IBM Security Bulletins
added 2023/06/05 7:33 p.m. | 32 views

Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Node.js http-cache-semantics module which is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

7.5 CVSS | 6.8 AI score | 0.01613 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2023/05/17 7:33 p.m. | 42 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Node.js http-cache-semantics module (CVE-2022-25881)

Summary A vulnerability in Node.js http-cache-semantics module used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

7.5 CVSS | 6.7 AI score | 0.01613 EPSS
Exploits 1 | Affected Software 1