CLSA-2025-1761844638 Fix CVE(s): CVE-2023-49288, CVE-2023-5824

SECURITY UPDATE: excessive cached HTTP response header size causing worker process stall or crash - debian/patches/CVE-2023-5824.patch: Refactor serialized HTTP response header handling to prevent cache flow - CVE-2023-5824 SECURITY UPDATE: Use-After-Free in the HTTP Collapsed Forwarding Feature ...

Linux Distros Unpatched Vulnerability : CVE-2024-33599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent...

UBUNTU-CVE-2025-25066

nDPI through 4.12 has a potential stack-based buffer overflow in ndpiaddresscacherestore in lib/ndpicache.c...

nscd: Stack-based buffer overflow in netgroup cache

...

CVE-2024-33599

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was...

AZL-40310 CVE-2024-33599 affecting package glibc for versions less than 2.35-7

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was...

argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow

A flaw was found in Argo CD, where the rate limit for login attempts may be bypassed due to an incomplete fix for CVE-2020-8827. The cache-based mechanism is limited to a defaultMaxCacheSize of 1000 entries. An attacker can overflow this cache by sending excessive login attempts for different...

Important: Red Hat Security Advisory: GitOps 1.12.1- Argo CD CLI and MicroShift GitOps security update

An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.4 security update

An update is now available for Red Hat OpenShift GitOps v1.10.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Bypassing Rate Limit and Brute Force Protection Using Cache Overflow

Summary An attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a previously patched CVE...

CVE-2024-21662 Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combine...

CVE-2024-21662 Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combine...

DEBIAN-CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

bind security update

32:9.11.36-11 - Prevent exahustion of memory from control channel CVE-2023-3341 32:9.11.36-10 - Prevent the cache going over the configured limit CVE-2023-2828 32:9.11.36-9 - Prevent flooding with UPDATE requests CVE-2022-3094 - include upstream test for that change...

CVE-2023-5330

Mattermost is reported vulnerable to a Denial of Service via the OpenGraph cache. The issue stems from failing to enforce a limit on the size of cache entries for OpenGraph data, allowing an attacker to send crafted requests to /api/v4/opengraph that can fill the cache and render the server unava...

Fedora 38 : xen (2023-4125279976)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4125279976 advisory. arm32: The cache may not be properly cleaned/invalidated XSA-437, CVE-2023-34321 top-level shadow reference dropped too early for 64-bit PV guests...

bind security update

2:9.11.4-26.P2.14 - Prevent the cache going over the configured limit CVE-2023-2828...

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

OESA-2021-1408 strongswan security update

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS...

CVE-2021-41991

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random...