
184 matches found

OSV
added 2024/04/08 2:15 p.m., 6 views

AZL-40192 CVE-2024-2511 affecting package edk2 for versions less than 20240524git3e722403cd16-8

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

5.9 CVSS, 6.6 AI score, 0.54026 EPSS
Exploits: 0, References: 1
OSV
added 2024/04/08 2:15 p.m., 2 views

ALPINE-CVE-2024-2511

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

5.9 CVSS, 6.7 AI score, 0.54026 EPSS
Exploits: 0, References: 1
OSV
added 2024/04/08 2:15 p.m., 7 views

AZL-42700 CVE-2024-2511 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

5.9 CVSS, 6.6 AI score, 0.54026 EPSS
Exploits: 0, References: 1
OSV
added 2024/04/08 2:15 p.m., 7 views

AZL-39794 CVE-2024-2511 affecting package openssl for versions less than 3.3.0-1

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

5.9 CVSS, 6.6 AI score, 0.54026 EPSS
Exploits: 0, References: 1
OSV
added 2024/04/08 2:15 p.m., 3 views

DEBIAN-CVE-2024-2511

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

5.9 CVSS, 7.8 AI score, 0.54026 EPSS
Exploits: 0, References: 1
OSV
added 2024/04/08 2:15 p.m., 3 views

UBUNTU-CVE-2024-2511

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

5.9 CVSS, 6.7 AI score, 0.54026 EPSS
Exploits: 0, References: 5
UbuntuCve
added 2024/04/08 2:15 p.m., 42 views

CVE-2024-2511

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

5.9 CVSS, 6.8 AI score, 0.54026 EPSS
Exploits: 0, References: 4
Cvelist
added 2024/04/08 1:51 p.m., 39 views

CVE-2024-2511 Unbounded memory growth with session handling in TLSv1.3

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

9.4 AI score, 0.54026 EPSS
Exploits: 0, References: 5
AlpineLinux
added 2024/04/08 1:51 p.m., 94 views

CVE-2024-2511

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

5.9 CVSS, 7.1 AI score, 0.54026 EPSS
Exploits: 0
Tenable Nessus
added 2024/04/08 12:0 a.m., 125 views

OpenSSL 3.1.0 < 3.1.6 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.1.6 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the function...

7.5 CVSS, 7.2 AI score, 0.54026 EPSS
Exploits: 0, References: 9
Amazon
added 2024/04/02 12:0 a.m., 8 views

Low: curl

Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...

5.3 CVSS, 6.7 AI score, 0.01102 EPSS
Exploits: 1
Positive Technologies
added 2024/03/20 12:0 a.m., 5 views

PT-2024-22689

Name of the Vulnerable Software and Affected Versions: Saleor Storefront versions prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783. Description: The issue affects Saleor Storefront, software for building e-commerce experiences. When any user authenticates in the storefront, anonymous users a...

6.5 CVSS, 6.8 AI score, 0.0057 EPSS
Exploits: 0, References: 10
CNNVD
added 2024/03/06 12:0 a.m., 5 views

Shopware Security Vulnerabilities

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions prior to 6.5.8.7 that stems from the session being persistent in the cache of a 404 page...

7.5 CVSS, 6.6 AI score, 0.00611 EPSS
Exploits: 0, References: 5
OSV
added 2024/02/03 2:15 p.m., 7 views

AZL-34648 CVE-2024-0853 affecting package curl for versions less than 8.8.0-1

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3 CVSS, 6.4 AI score, 0.01102 EPSS
Exploits: 1, References: 1
OSV
added 2024/02/03 2:15 p.m., 5 views

ALPINE-CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3 CVSS, 6.9 AI score, 0.01102 EPSS
Exploits: 1, References: 1
OSV
added 2024/02/03 2:15 p.m., 0 views

DEBIAN-CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3 CVSS, 6.9 AI score, 0.01102 EPSS
Exploits: 1, References: 1
AlpineLinux
added 2024/02/03 1:35 p.m., 65 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3 CVSS, 7.2 AI score, 0.01102 EPSS
Exploits: 1
SUSE CVE
added 2024/02/02 3:45 a.m., 4 views

SUSE CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

3.8 CVSS, 8.4 AI score, 0.01102 EPSS
Exploits: 1, References: 3
OSV
added 2024/01/31 8:0 a.m., 36 views

CURL-CVE-2024-0853 OCSP verification bypass with TLS session reuse

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3 CVSS, 4.8 AI score, 0.01102 EPSS
Exploits: 1
curl security advisories
added 2024/01/31 8:0 a.m., 8 views

OCSP verification bypass with TLS session reuse

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3 CVSS, 6.3 AI score, 0.01102 EPSS
Exploits: 1, References: 1, Affected Software: 2