octubre 2023 – Página 8

4 octubre, 2023

K000137107 : Crypto++ vulnerability CVE-2022-48570

Security Advisory Description Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the ... More info: https://my.f5.com/manage/s/article/K000137107?utm_source=f5support&utm_medium=RSS

4 octubre, 2023

K000137093 : Node.js vulnerabilities CVE-2018-7167, CVE-2018-12115, and CVE-2018-12116

Security Advisory Description CVE-2018-7167 Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this ... More info: https://my.f5.com/manage/s/article/K000137093?utm_source=f5support&utm_medium=RSS

4 octubre, 2023

Reported TorchServe Issue (CVE-2023-43654)

Publication Date: 2023/10/02 02:00 PM EDT AWS is aware of CVE-2023-43654 and CVE-2022-1471 in PyTorch TorchServe versions 0.3.0 to 0.8.1, which use a version of the SnakeYAML v1.31 open source library. TorchServe version 0.8.2 resolves these issues. AWS recommends customers using PyTorch inference Deep Learning Containers (DLC) 1.13.1, 2.0.0, or 2.0.1 in EC2, EKS, or ECS released prior to September 11, 2023, update to TorchServe version 0.8.2. Customers using PyTorch inference Deep Learning More info: https://aws.amazon.com/security/security-bulletins/AWS-2023-009/

3 octubre, 2023

K000135997 : Multiple Node.js vulnerabilities

Security Advisory Description CVE-2023-32002 The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This ... More info: https://my.f5.com/manage/s/article/K000135997?utm_source=f5support&utm_medium=RSS

3 octubre, 2023

K000137090 : Node.js vulnerabilities CVE-2018-12121, CVE-2018-12122, and CVE-2018-12123

Security Advisory Description CVE-2018-12121 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many ... More info: https://my.f5.com/manage/s/article/K000137090?utm_source=f5support&utm_medium=RSS

3 octubre, 2023

Reported TorchServe Issue (CVE-2023-43654)

Publication Date: 2023/10/02 02:00 PM EDT AWS is aware of CVE-2023-43654 in PyTorch TorchServe versions 0.3.0 to 0.8.1, which use a version of the SnakeYAML v1.31 open source library. TorchServe version 0.8.2 resolves these issues. AWS recommends customers using PyTorch inference Deep Learning Containers (DLC) 1.13.1, 2.0.0, or 2.0.1 in EC2, EKS, or ECS released prior to September 11, 2023, update to TorchServe version 0.8.2. Customers using PyTorch inference Deep Learning Containers (DLC) More info: https://aws.amazon.com/security/security-bulletins/AWS-2023-009/