15 matches found
CVE-2022-23486
libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...
Debian dla-4347 : intel-microcode - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4347 advisory. Debian LTS Advisory DLA-4347-1...
EUVD-2024-0902
Malicious code in bioql PyPI...
Security update for clamav
This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. Start clamonacc with --fdpass to avoid errors due to clamd not being able to acce...
AZL-35845 CVE-2024-28180 affecting package kubernetes for versions less than 1.28.4-12
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
SUSE: Security Advisory (SUSE-SU-2023:3692-1)
The remote host is missing an update for the...
Security update for dcmtk (moderate)
openSUSE Security Update: Security update for dcmtk Announcement ID: openSUSE-SU-2023:0108-1 Rating: moderate References: 1206070 1208637 1208638 1208639 Cross-References: CVE-2022-2119 CVE-2022-2120 CVE-2022-2121 CVE-2022-43272 CVSS scores: CVE-2022-2119 NVD : 9.8...
CVE-2022-23492
go-libp2p is the official libp2p implementation in the Go programming language. Version 0.18.0 and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large...
CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management
libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...
CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management
libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...
OPENSUSE-SU-2020:0222-1 Security update for hostapd
This update for hostapd fixes the following issues: hostapd was updated to version 2.9: SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks https://w1.fi/security/2019-6/ EAP-pwd changes - disable use of groups using Brainpool curves -...
GitLab: Uncontrolled Resource Consumption in any Markdown field using Mermaid
Summary I found a bypass for the mitigation of DoS via Mermaid CVE-2019-9220. As the mitigation for CVE-2019-9220, the input limit of 5000 characters is currently applied to a Mermaid code block, but it can be bypassed by simply splitting the longer payload to many code blocks. Steps to reproduce...
Denial of Service
Overview: Versions of mem prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its maxAge property. This may allow attackers to exhaust the system's memory if they are able to abuse the application logging...
U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website
SUMMARY: This report describes a vulnerability similar to that described in my other reports 329376, 329397, 329399. The DoD https://████/psc/EXPROD/ Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution RCE and Denial of Service Attacks D...
AST-2011-005: File Descriptor Resource Exhaustion
Asterisk Project Security Advisory - AST-2011-005 Product Asterisk Summary File Descriptor Resource Exhaustion Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated TCP Based Sessions TCP SIP, Skinny, Asterisk Manager Interface, and HTTP sessions Severity Moderate Exploits...