27 matches found
CVE-2025-68934
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause On^2 processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...
EUVD-2025-206443
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause On^2 processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...
PT-2026-5193
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. Authenticated users can submit...
Seroval security vulnerabilities
Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the handling of overly large array length values during deserialization, which can significantly increase processing time...
AZL-54401 CVE-2024-45338 affecting package packer for versions less than 1.9.5-7
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54488 CVE-2024-45338 affecting package podman for versions less than 5.6.1-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
EulerOS 2.0 SP12 : shim (EulerOS-SA-2024-1862)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications tha...
Oracle Linux 9 : edk2 (ELSA-2024-2264)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2264 advisory. - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853 -...
EulerOS 2.0 SP10 : shim (EulerOS-SA-2023-2825)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications th...
EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2023-3058)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact...
EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2023-2922)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact...
EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2023-3050)
According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary:...
EulerOS 2.0 SP8 : openssl (EulerOS-SA-2023-3141)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Application...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2830)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2831)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2598)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-2623)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Application...
openSUSE 15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:2470-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2470-1 advisory. - Update to version 3.0.8 bsc1207541. - CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular-exponentiation with long exponents ...
SUSE SLES12: libopenssl-devel / libopenssl1_0_0 / libopenssl1_0_0-32bit / etc (SUSE-SU-2023:2332-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:2332-1 advisory. - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers bsc1211430. Tenable has extracted the preceding description bloc...
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...