903 matches found

Tenable Nessus
added 2024/02/14 12:0 a.m. · 23 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM and vulnerability (K000137270)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137270 advisory. - When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase...

7.5 CVSS · 7.4 AI score · 0.00267 EPSS
Exploits 0 · References 2

OSV
added 2024/02/12 3:8 p.m. · 11 views

GHSA-6P92-QFQF-QWX4 OpenRefine JDBC Attack Vulnerability

Summary: A jdbc attack vulnerability exists in OpenRefine version=3.7.7. Details: Vulnerability Recurrence: Start by constructing a malicious MySQL Server using the open source project MySQLFakeServer here. Then go to the Jdbc connection trigger vulnerability. Vulnerability Analysis: This vulnerability ...

7.3 CVSS · 8.5 AI score · 0.01225 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/01/10 12:0 a.m. · 1 views

PT-2024-1112 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.4R3; Junos OS versions prior to 22.1R3; Junos OS versions prior to 22.2R3; Junos OS Evolved versions prior to 21.4R3-EVO; Junos OS Evolved versions prior to 22.1R3-EVO; Junos OS Evolved versions prior to 22.2R3-EVO...

7.8 CVSS · 7.5 AI score · 0.00242 EPSS
Exploits 0 · References 9

Citrix
added 2023/12/27 12:0 a.m. · 4 views

Incorrect license usage shown in Endpoint Management

In-use license counts in the Endpoint Management console do not match the actual number of licenses being utilized...

7.1 AI score
Exploits 0

Citrix
added 2023/11/24 12:0 a.m. · 5 views

CPU consumed by a session on VDA mismatches associated session or published apps importance level

The CPU resource consumed by a session on a XenApp Server does not match the associated session and/or published application importance levels...

7.1 AI score
Exploits 0

CNNVD
added 2023/11/14 12:0 a.m. · 1 views

Intel QuickAssist Technology Security Vulnerability

Intel QuickAssist Technology is an Intel technology that improves server utilization. The technology improves server efficiency by sharing the stress of compute-intensive tasks to equalize server pressure. A security vulnerability exists in Intel QuickAssist Technology (QAT). An attacker could...

8.8 CVSS · 6.9 AI score · 0.00092 EPSS
Exploits 0 · References 3

CNNVD
added 2023/11/14 12:0 a.m. · 2 views

Intel QuickAssist Technology Security Vulnerability

Intel QuickAssist Technology is an Intel technology that improves server utilization. The technology improves server efficiency by sharing the stress of compute-intensive tasks to equalize server pressure. A security vulnerability exists in Intel QuickAssist Technology. An attacker could exploit...

7.8 CVSS · 6.7 AI score · 0.00042 EPSS
Exploits 0 · References 4

GitHub Security Blog
added 2023/11/08 3:3 p.m. · 15 views

s2n-quic potential denial of service via crafted stream frames

Impact: An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: = v1.30.0. Patches: The patch is included in v1.31.0 1. Workarounds: There is no workaround. Applications using s2n-quic should upgrade to the most recen...

7 AI score
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/11/08 3:3 p.m. · 19 views

GHSA-475V-PQ2G-FP9G s2n-quic potential denial of service via crafted stream frames

Impact: An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: = v1.30.0. Patches: The patch is included in v1.31.0 1. Workarounds: There is no workaround. Applications using s2n-quic should upgrade to the most recen...

6.9 AI score
Exploits 0 · References 4

Positive Technologies
added 2023/11/08 12:0 a.m. · 2 views

PT-2023-32973 · Amazon · S2N-Quic

Name of the Vulnerable Software and Affected Versions: s2n-quic versions prior to 1.31.0 Description: The issue in s2n-quic results in unnecessary resource utilization when peers open streams beyond advertised limits. Recommendations: For versions prior to 1.31.0, upgrade to version 1.31.0 or lat...

7.2 AI score
Exploits 0 · References 5

CVE
added 2023/11/01 4:48 p.m. · 83 views

CVE-2023-20155

Summary: CVE-2023-20155 affects Cisco Firepower Management Center (FMC). The issue is a lack of rate-limiting on a logging API used by FMC, which can be exploited by an unauthenticated remote attacker to cause a DoS (CPU spiking to 100% and potential reload) or, with valid credentials but not Adm...

7.5 CVSS · 6.5 AI score · 0.00386 EPSS
Exploits 0 · References 1 · Affected Software 1

Cisco
added 2023/11/01 4:0 p.m. · 47 views

Cisco Firepower Management Center Software Log API Denial of Service Vulnerability

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...

7.5 CVSS · 6.7 AI score · 0.00386 EPSS
Exploits 0 · References 1

Veracode
added 2023/11/01 6:26 a.m. · 11 views

Denial Of Service (DoS)

pypdf is vulnerable to Denial Of Service (DoS). The vulnerability is caused by a missing validation check if the current object in a clone operation has already been visited so that it will not be added to a list of objects to visit again. An attacker can craft a malicious PDF which can lead to ...

5.5 CVSS · 7 AI score · 0.00089 EPSS
Exploits 0 · References 3 · Affected Software 1

GitHub Security Blog
added 2023/10/31 10:22 p.m. · 24 views

Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incomi...

5.5 CVSS · 5.2 AI score · 0.00089 EPSS
Exploits 0 · References 5 · Affected Software 1

NVD
added 2023/10/31 4:15 p.m. · 10 views

CVE-2023-46250

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...

5.5 CVSS · 5.2 AI score · 0.00089 EPSS
Exploits 0 · References 3

Prion
added 2023/10/31 4:15 p.m. · 11 views

Path traversal

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...

1.9 CVSS · 5.4 AI score · 0.00089 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/10/31 3:23 p.m. · 15 views

CVE-2023-46250 pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...

5.1 CVSS · 5.3 AI score · 0.00089 EPSS
Exploits 0 · References 5

Vulnrichment
added 2023/10/31 3:23 p.m. · 13 views

CVE-2023-46250 pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...

5.1 CVSS · 7.1 AI score · 0.00089 EPSS
Exploits 0 · References 3

Cvelist
added 2023/10/31 3:23 p.m. · 16 views

CVE-2023-46250 pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...

5.1 CVSS · 5.6 AI score · 0.00089 EPSS
Exploits 0 · References 3

Rosalinux
added 2023/10/24 1:59 p.m. · 41 views

Advisory ROSA-SA-2023-2279

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.15.x8664.rpm CVE-ID: CVE-2023-2828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Each named instance configured to act as a recursive resolver maintains a cache database containing responses to queries it has recently sent ...

7.5 CVSS · 7.7 AI score · 0.00904 EPSS
Exploits 0