Lucene search
K

127 matches found

RedHat Linux
RedHat Linux
added 2023/10/30 12:53 p.m.27 views

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update

An update is now available for Red Hat Openshift distributed tracing 2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5CVSS6.7AI score0.00508EPSS
Exploits0References2
Debian
Debian
added 2023/10/29 4:33 a.m.31 views

[SECURITY] [DLA 3635-1] node-browserify-sign security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3635-1 [email protected] https://www.debian.org/lts/security/ Yadd October 29, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...

7.5CVSS7.5AI score0.00508EPSS
Exploits0
NVD
NVD
added 2023/10/26 3:15 p.m.24 views

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS6.8AI score0.00508EPSS
Exploits0References6
OSV
OSV
added 2023/10/26 3:15 p.m.2 views

DEBIAN-CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS6.2AI score0.00508EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/10/26 2:31 p.m.32 views

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS7.7AI score0.00508EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/10/02 10:24 a.m.69 views

CVE-2023-43642

A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service DoS...

7.5CVSS7.1AI score0.0104EPSS
Exploits1References4
OSV
OSV
added 2023/09/25 6:30 p.m.5 views

GHSA-55G7-9CWV-5QFV snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact

Summary snappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service DoS attacks when decompressing data with a too-large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. Scope All...

7.5CVSS7.1AI score0.0104EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.6 views

SUSE CVE-2021-37670

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

5.5CVSS4.9AI score0.00169EPSS
Exploits0References4
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.8 views

Upgraded Q -> 3 from #508 [1675443043181]

Judge has assessed an item in Issue 508 as 3 risk. The relevant finding follows: L-05 Duration does not have upper bound The duration input parameter does not have upper bound. If the duration is mistakenly set too high, node operator will be slashed significant amount of GGP. The...

6.9AI score
Exploits0
OSV
OSV
added 2022/09/16 10:14 p.m.1 views

GHSA-QXPX-J395-PW36 TensorFlow vulnerable to segfault in `LowerBound` and `UpperBound`

Impact If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf outtype = tf.int32 sortedinputs = tf.constant, shape=10,0, dtype=tf.float32...

5.9CVSS5.8AI score0.00383EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/09/16 8:25 p.m.16 views

CVE-2022-35965

TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.8AI score0.00383EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.5 views

PT-2022-23064

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue arises when LowerBound or UpperBound is given an empty sorted inputs...

7.5CVSS7.1AI score0.00383EPSS
Exploits0References13
OSV
OSV
added 2022/06/28 12:0 a.m.16 views

GHSA-M43H-HFRQ-X8WX SystemDS CPU exhaustion vulnerability

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

8.7CVSS7.4AI score0.02042EPSS
Exploits0References6
OSV
OSV
added 2022/06/27 6:15 p.m.5 views

CVE-2022-26477

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

7.5CVSS7.2AI score0.02042EPSS
Exploits0References2
PyPA
PyPA
added 2022/06/27 6:15 p.m.8 views

PYSEC-2022-222

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

7.5CVSS7AI score0.02042EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/27 6:15 p.m.4 views

CVE-2022-26477

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

7.5CVSS7.1AI score0.02042EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/06/06 12:0 a.m.8 views

Upgraded Q -> M from 41 [1654474648312]

Judge has assessed an item in Issue 41 as Medium risk. The relevant finding follows: L02: Lack of upper bound for feeRate Line References Description Fees can be set above 1e18, preventing options from being exercised. Recommended Mitigation Steps Consider having a hard cap of x% 100%. // Eg. cap...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/29 12:0 a.m.8 views

Improper Upper Bound Definition on the depositFeeBP

Judge @GalloDaSballo has assessed item C4-002 in QA Report 198 as Medium risk. The relevant finding follows: … Impact - LOW The add function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. User funds will be locked forever...

6.9AI score
Exploits0
PyPA
PyPA
added 2022/02/03 12:15 p.m.9 views

PYSEC-2022-56

Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...

6.5CVSS6.8AI score0.00765EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/03 12:15 p.m.5 views

PYSEC-2022-111

Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...

6.5CVSS5.9AI score0.00765EPSS
Exploits1References3
Rows per page
Query Builder