Lucene search
+L

97 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.23 views

Fedora 40 : doctl (2023-72ab10f1de)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-72ab10f1de advisory. Automatic update for doctl-1.101.0-2.fc40. Changelog Sat Dec 9 2023 Mikel Olasagasti Uranga - Update to 1.101.0 - Closes rhbz2253730 rhbz2248265 Tenable has...

7.5CVSS7AI score0.03796EPSS
Exploits0References2
CVE
CVE
added 2024/04/09 5:35 p.m.55 views

CVE-2024-25116

RedisBloom adds probabilistic data structures to Redis. In versions prior to 2.4.7 and 2.6.10, authenticated users can issue CF.RESERVE to trigger a runtime assertion that terminates the Redis server process. The issue is fixed in RedisBloom 2.4.7 and 2.6.10. Exposure: LOCAL access with low privi...

5.5CVSS5.4AI score0.00198EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/01/26 8:12 p.m.23 views

OpenFGA denial of service

Overview OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an "out of memory" error and terminate...

6.5CVSS6.9AI score0.00734EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2024/01/23 10:18 a.m.19 views

Denial Of Service

librttopo.so is vulnerable to Denial Of Service. The vulnerability is due to mishandling of empty geometries. The remote attackers can perform a DoS via a crafted STAsX3D input which leads to server termination...

7.5CVSS6.6AI score0.03046EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2023/10/11 10:15 p.m.6 views

AZL-31857 CVE-2023-39325 affecting package kured for versions less than 1.9.1-14

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/07/06 9:15 p.m.3 views

GHSA-9HXF-PPJV-W6RQ gRPC connection termination issue

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

5.3CVSS5.9AI score0.00531EPSS
Exploits0References9
OSV
OSV
added 2023/04/28 6:15 p.m.5 views

CVE-2023-25930

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862...

5.9CVSS6.8AI score0.00963EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/04/11 12:0 a.m.7 views

The vulnerability of the Redis database management system, related to the lack of measures for cleaning incoming data, allows a attacker to send a specially crafted MSETNX command, causing a service failure and terminating the Redis server process.

The vulnerability of the Redis database management system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to send a specially crafted MSETNX command, causing a service failure and terminating the Redis server process...

5.5CVSS5.7AI score0.54978EPSS
Exploits0References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.35 views

Fedora 37 : redis (2023-86068d1187)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-86068d1187 advisory. Redis 7.0.10 Released Mon Mar 20 16:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-28425...

5.5CVSS7.4AI score0.54978EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/20 7:3 p.m.9 views

CVE-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

5.5CVSS5.4AI score0.54978EPSS
Exploits0References4
OSV
OSV
added 2023/03/02 4:15 a.m.3 views

DEBIAN-CVE-2023-25155

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

6.5CVSS5.3AI score0.00902EPSS
Exploits0References1
OSV
OSV
added 2023/03/02 4:15 a.m.11 views

UBUNTU-CVE-2023-25155

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

6.5CVSS6.2AI score0.00902EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/03/02 3:59 a.m.4 views

SUSE CVE-2023-25155

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

8.2CVSS5.6AI score0.00902EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/03/02 12:0 a.m.3 views

Redis Labs Redis 输入验证错误漏洞

Redis Labs Redis is Redis Labs, Inc. is a set of open source written in ANSI C, network-enabled, memory-based can also be persistent log-type, key-value Key-Value storage database, and provides a variety of languages API. A security vulnerability exists in Redis. This vulnerability can be exploit...

6.5CVSS6.9AI score0.00902EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2023/02/04 8:0 a.m.2 views

named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries

...

7.5CVSS7.8AI score0.5017EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/12/27 12:0 a.m.23 views

Debian DLA-2857-1 : postgis - LTS security update

"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2857 advisory. - PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted STAsX3D function input, as demonstrated by an abnorma...

7.5CVSS7.2AI score0.03046EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/11/09 6:9 p.m.4 views

bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly

Incremental zone transfers IXFR provide a way of transferring changed portions of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in...

6.5CVSS7.2AI score0.0594EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/08/18 12:0 a.m.6 views

ISC BIND 处理逻辑错误漏洞

ISC BIND is a suite of open source software from ISC that implements the DNS protocol. A Processing Logic Error vulnerability exists in ISC BIND, which originates when named attempts to respond via UDP with a response larger than the currently valid interface's Maximum Transmission Unit MTU and...

7.5CVSS6.3AI score0.03559EPSS
Exploits1References9
CNNVD
CNNVD
added 2021/06/23 12:0 a.m.3 views

IBM DB2 命令注入漏洞

IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 for Linux, UNIX, and Windows including Db2 Connect Server, which stems...

7.5CVSS5.7AI score0.01692EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2019/11/11 12:0 a.m.6 views

The vulnerability of the RouterOS operating system in MikroTik routers, related to the emergency termination of the HTTP server, allows a hacker to restart the system and cause a service failure.

The vulnerability of the RouterOS operating system for MikroTik relates to the abnormal termination of the HTTP server. Exploiting this vulnerability allows a malicious actor to remotely restart the system and cause a service failure by sending a specially crafted HTTP request...

6.8CVSS6.7AI score0.04258EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder