3365 matches found
CVE-2023-27478 Disclosure of unrelated data in libmemcached-awesome
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. libmemcached could return data for a previously requested key, if that previous request timed out due to a low POLL_TIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade...
CVE-2022-33244 Reachable assertion in Modem
Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout...
CVE-2022-33244
CVE-2022-33244: Transient Denial of Service due to a reachable assertion in the modem during MIB reception and SIB timeout. Documented impact is Availability (CVSS v3.1 base score 7.5). Exploitation status is not provided in the supplied materials. Connected sources consistently describe the issu...
PT-2023-13257 · Qualcomm · Snapdragon +38
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient DOS due to a reachable assertion in the modem during MIB reception and SIB timeout. No information is provided about...
libmemcached-awesome information disclosure vulnerability
libmemcached-awesome is an open source C/C++ client library and tool for memcached servers from the individual developers of Awesome. An information disclosure vulnerability exists in versions of libmemcached-awesome prior to 1.1.4, which stems from a request timeout that can return previously...
PT-2023-1957 · Unknown +2 · Libmemcached-Awesome +2
Name of the Vulnerable Software and Affected Versions: libmemcached-awesome versions prior to 1.1.4 Description: The issue is related to insufficient protection of service data when handling the POLL TIMEOUT parameter, which could allow a remote attacker to gain unauthorized access to protected...
OPENSUSE-SU-2023:0064-1 Security update for trivy
This update for trivy fixes the following issues: Update to version 0.37.3 (boo#1208091, CVE-2023-25165): chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574); ci: quote pros in c++ for semantic pr (#3605); fix(image): check proxy settings from env for remote images (#3604). Update to version 0.37.2: BREAKING:...
kernel security and bug fix update
5.14.0-162.18.11.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
systemd: deadlock in systemd-coredump via a crash with a long backtrace
A flaw was found in the systemd-coredump utility of systemd. When an application crashes, the systemd-coredump utility is called twice, once by the kernel and the second time in the systemd-coredump@.service to write the data, process, and save the core file. Communication between the programs is...
UBUNTU-CVE-2023-25824
mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (inclusive) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...
CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout
mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (inclusive) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...
CVE-2023-25824
Removed by vendor...
K25165813: BIG-IP SSL connection Alert Timeout security exposure
Security Advisory Description The mitigation for K41515225: BIG-IP SSL connection security exposure may not work in all conditions. If after applying the workaround in K41515225: BIG-IP SSL connection security exposure, setting the Alert Timeout to its minimum value of 1 second, you continue to...
K16674: TLS vulnerability CVE-2015-4000
Security Advisory Description The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE...
SUSE CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15...
SUSE CVE-2008-3067
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits...
SUSE CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...
SUSE CVE-2008-5702
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call...
SUSE CVE-2010-0171
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeo...