15 matches found
Security Bulletin: Security Vulnerabilities in base image packages affect IBM Voice Gateway
Summary: Security vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processe...
CVE-2024-4067
A flaw was found in the NPM package micromatch where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in micromatch.braces in index.js because the pattern .* will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking t...
CVE-2024-4067
CVE-2024-4067 affects the NPM package micromatch prior to 4.0.8. The vulnerability is in micromatch.braces() in index.js, where the pattern .* can cause extreme backtracking (ReDoS) as input grows, leading to hangs or slowdowns. A fix was merged and the issue is noted as mitigated by upgrading to...
CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
Cross site request forgery (csrf)
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in email protected...
F5 Networks BIG-IP : BIG-IP SNMPD vulnerability (K12139752)
Under certain conditions, the snmpd process may leak memory on a multi-blade BIG-IP Virtual Clustered Multiprocessing (vCMP) guest when processing authorized SNMP requests. (CVE-2019-6608) Impact: Over time, the snmpd process consumes excessive memory, forcing the BIG-IP system to slow down and...
CVE-2017-16098
charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option, the default header max length is 80kb, so the impact of the ReDoS is...
Regular Expression Denial Of Service (ReDoS)
node-forge is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is caused by a weak choice of regular expression (regex) groups and allows a given string to cause a huge performance slow down...
Slow Down - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Slow Down published at the 'play' market has multiple vulnerabilities...
Fedora 20 : java-1.7.0-openjdk-1.7.0.60-2.4.4.1.fc20 (2014-1048)
Security update to icedtea 2.4.4 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html Now also arm32 have icedtea 2.4.4, as 2.3 was no longer maintainable. Please note, this will bring significant, but necessary slow down approx 30% on arm32. As buggy arm32 JIT was removed in...
Linux Kernel 2.6.13 Local root Exploit
Exploit for linux platform in category local exploits...
Apple Mac OSX Safari 2.0.3 (417.9.2) - ROWSPAN Denial of Service (PoC)
Apple Mac OSX Safari 2.0.3 (417.9.2) - ROWSPAN Denial of Service (PoC) milw0rm.com 2006-04-24...
gdb security update
CentOS Errata and Security Advisory CESA-2005:709 An updated gdb package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written ...
[SECURITY] [DSA 705-1] New wu-ftpd packages fix denial of service
Debian Security Advisory DSA 705-1 [email protected] http://www.debian.org/security/ Martin Schulze April 4th, 2005 http://www.debian.org/security/faq -...