11 matches found
Astra Linux - vulnerability in zeromq3
An uncontrolled resource consumption memory leak flaw was discovered in ZeroMQ’s src/xpub.cpp in versions prior to 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if CURVE/ZAP authentication is disabled on the server, resulting i...
GHSA-9F8F-2VMF-885J Data exposure via ZeroMQ on multi-node vLLM deployment
Impact: In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism acros...
Malicious code in xpub-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc3e9ded369fe8fed74a7f23ab0c33cbbda2a1e16aab8c2283faba59903c49d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8533 Malicious code in xpub-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc3e9ded369fe8fed74a7f23ab0c33cbbda2a1e16aab8c2283faba59903c49d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2021-20237
An uncontrolled resource consumption memory leak flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a...
CVE-2022-32984
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the...
Code injection
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the...
CVE-2022-32984
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the...
CVE-2022-32984
BTCPay Server 1.3.0–1.5.3 is affected by CVE-2022-32984. The issue allows a remote attacker viewing a publicly exposed Point of Sale app to access sensitive data contained in the HTML source, including the store’s xpub and, if an internal lightning node isn’t used, lightning node credentials. The...
DEBIAN-CVE-2021-20237
An uncontrolled resource consumption memory leak flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). An uncontrolled resource consumption memory leak flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume...