Lucene search
K

412 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:41 a.m.6 views

CVE-2024-1093

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory...

5.3CVSS6.7AI score0.00427EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 p.m.5 views

CVE-2022-3759

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child...

7.5CVSS6.5AI score0.01216EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.4 views

CVE-2021-28706

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may...

8.6CVSS7.2AI score0.0206EPSS
Exploits0References1
Amazon
Amazon
added 2025/04/29 12:0 a.m.7 views

Medium: docker

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.5 views

Medium: runc

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.7 views

Medium: containerd

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.8 views

Medium: containerd

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.5 views

Medium: runc

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/04/09 1:8 p.m.14 views

xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory

Summary Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and case a denial of service. For example,...

6.5CVSS7AI score0.00434EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/03/17 2:15 p.m.3 views

DEBIAN-CVE-2025-29786

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

7.5CVSS7.2AI score0.00577EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/03/17 1:15 p.m.11 views

CVE-2025-29786

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

7.5CVSS7.2AI score0.00577EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-5688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors...

8.1CVSS8.6AI score0.04824EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/12/24 12:0 a.m.6 views

openSUSE Security Advisory (SUSE-SU-2024:4407-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS7.5AI score0.00408EPSS
Exploits1References5
OSV
OSV
added 2024/12/23 8:49 a.m.9 views

SUSE-SU-2024:4407-1 Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative

This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues: - CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in nett...

5.5CVSS7.5AI score0.00408EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.5 views

PT-2024-32648 · Netty +1 · Netty +1

Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.115 Description: The issue is related to an unsafe reading of environment files, potentially causing a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not...

9.9CVSS7.4AI score0.97809EPSS
Exploits22References55
Tenable Nessus
Tenable Nessus
added 2024/11/06 12:0 a.m.16 views

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-8846)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8846 advisory. aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common 1-82.0.1 - Updated removed references Orabug: 33473101 Alex...

8.2CVSS6.6AI score0.0099EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2024/11/05 12:0 a.m.296 views

container-tools:ol8 security update

aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common 1-82.0.1 - Updated removed references Orabug: 33473101 Alex Burmashev - Adjust registries.conf Nikita Gerasimov - remove references to RedHat registry Nikita Gerasimov container-selinux criu crun fuse-overlay...

8.2CVSS7AI score0.0099EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.5 views

PT-2024-33677

Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.0.6 Description: Applications using werkzeug.formparser.MultiPartParser to parse multipart/form-data requests are vulnerable to a relatively simple but effective resource exhaustion attack. A specifically crafted...

7.8CVSS6.7AI score0.01093EPSS
Exploits0References202
Oracle linux
Oracle linux
added 2024/09/24 12:0 a.m.309 views

container-tools:ol8 security update

aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman 4.9.4-13.0.1 - Fixes issue of container created in cgroupv2 not start in cgroupv1 Orabug: 36136813 - Fixes container...

7.5CVSS8.4AI score0.01414EPSS
Exploits0
CVE
CVE
added 2024/08/27 5:16 p.m.63 views

CVE-2024-43783

The CVE affects Apollo Router Core. If using External Coprocessing, versions 1.21.x–1.52.0 with router.request.body enabled can load entire HTTP request bodies into memory, risking OOM. If using a Native Rust Plugin, versions 1.7.0–1.51.x that access Request.router_request and accumulate the body...

7.5CVSS7.5AI score0.00857EPSS
Exploits1References6Affected Software3
Rows per page
Query Builder