9 matches found
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: wwan: t7xx: Fixed the FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to handle the command operation. If the main thread detects that the task has tim...
EUVD-2023-1532
Malicious code in bioql PyPI...
GHSA-4MW5-2636-4535 op_panic in the base runtime can force a panic in the runtime's containing thread
Affected versions use denocore releases that expose Deno.core.ops.oppanic to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.oppanic...
Denial Of Service (DoS)
github.com/sigstore/rekor is vulnerable to Denial of Service DoS attacks. A malicious user is able to submit a malformed intoto/v0.0.2 type, resulting in a thread panic resulting in the client receiving a 500 error message and eventually recovering the thread...
CVE-2023-33199
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...
Design/Logic Flaw
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...
CVE-2023-33199
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...
CVE-2023-33199
CVE-2023-33199 concerns Rekor: a malformed proposed entry of the intoto/v0.0.2 type can cause a panic in a Rekor thread. The thread is recovered and the process returns a 500 error, with availability impact described as minimal. A fix is available in Rekor v1.2.0, and upgrade is advised. The conn...
PT-2023-24216 · Rekor +1 · Rekor +1
Name of the Vulnerable Software and Affected Versions: Rekor versions prior to 1.2.0 Description: A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered, resulting in a 500 error message to the client, with minimal...