685 matches found
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2025-46656
python-markdownify aka markdownify before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption...
XML Entity Expansion (XEE)
org.apache.solr, solr-core is vulnerable to an XML Entity Expansion XEE. The vulnerability is due to XML resource consumption caused by the use of XML DOCTYPE and ENTITY declarations, which allows an attacker to trigger excessive memory usage during XML parsing, leading to out-of-memory errors...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.26 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
USN-7433-1: GraphicsMagick vulnerabilities
It was discovered that GraphicsMagick did not properly limit image dimensions, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. CVE-2025-27795 It was discovered that GraphicsMagick did not properly handle certain memory...
RHEL 9 : grafana (RHSA-2025:3616)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:3616 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-jwt/jwt: jwt-go...
RHEL 9 : grafana (RHSA-2025:3618)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3618 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-jwt/jwt: jwt-go...
CBL Mariner 2.0 Security Update: gdb (CVE-2022-48064)
The version of gdb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-48064 advisory. - GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the functi...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.50 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.24 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Out Of Memory Error
org.keycloak, keycloak-services is vulnerable to an Out Of Memory Error. The vulnerability is due to unbounded caching of JWT tokens with long expiration times, causing excessive memory consumption and potential system failure. It allows an attacker to cause a Denial of Service DoS by exhausting...
jwt-go allows excessive memory allocation during header parsing
...
Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-053)
The version of runfinch-finch installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-053 advisory. SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-914)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-914 advisory. SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to b...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 For more details about the security issues, including the impact, a CVSS...
GO-2025-3553 Excessive memory allocation during header parsing in github.com/golang-jwt/jwt
Excessive memory allocation during header parsing in github.com/golang-jwt/jwt...
CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
GHSA-V464-R2R9-WWW7 Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...