124 matches found
Important: amazon-cloudwatch-agent
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
SUSE CVE-2025-22059
In the Linux kernel, the following vulnerability has been resolved: udp: Fix multiple wraparounds of sk-skrmemalloc. udpenqueuescheduleskb has the following condition: if atomicread&sk-skrmemalloc sk-skrcvbuf goto drop; sk-skrcvbuf is initialised by net.core.rmemdefault and later can be configure...
Linux Distros Unpatched Vulnerability : CVE-2022-2879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory,...
Security update golang-github-prometheus-prometheus
golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling bsc1232970 Highlights of other changes: Performance: Significant enhancements to PromQL execution speed,...
SUSE CVE-2024-52791
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
CVE-2024-52791
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
CVE-2024-52791
CVE-2024-52791 affects Matrix Media Repo (MMR). The issue is memory exhaustion when MMR parses large JSON responses from other servers, potentially consuming all available memory. The advisory states this is fixed in MMR v1.3.8 and recommends upgrading. If upgrading isn’t possible, mitigation opt...
GHSA-GP86-Q8HG-FPXJ matrix-media-repo (MMR) allows a denial of service through memory exhaustion
Impact MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. Patches This is fixed in MMR v1.3.8. Workarounds Forward...
matrix-media-repo (MMR) allows a denial of service through memory exhaustion
Impact MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. Patches This is fixed in MMR v1.3.8. Workarounds Forward...
PT-2025-2935 · Unknown +1 · Matrix Media Repo +1
Name of the Vulnerable Software and Affected Versions: Matrix Media Repo MMR versions prior to 1.3.8 Description: The issue arises when Matrix Media Repo MMR makes requests to other servers as part of its normal operation, and these servers return large amounts of JSON for parsing. During parsing...
CVE-2024-12672
Rockwell Automation Arena® contains use-after-free and out-of-bounds write vulnerabilities in processing DOE files, allowing a threat actor to achieve arbitrary code execution when a legitimate user runs crafted DOE content. The issues originate from improper memory handling in the affected code ...
PT-2024-33677
Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.0.6 Description: Applications using werkzeug.formparser.MultiPartParser to parse multipart/form-data requests are vulnerable to a relatively simple but effective resource exhaustion attack. A specifically crafted...
SUSE CVE-2024-46712
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them using accelerated apis. Without 3d the entire content of dumb buffers stays in the guest making all of the extra...
CVE-2024-46712 drm/vmwgfx: Disable coherent dumb buffers without 3d
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them using accelerated apis. Without 3d the entire content of dumb buffers stays in the guest making all of the extra...
UBUNTU-CVE-2024-42131
In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGESIZE units fit into 32-bit so that various multiplications fit into 64-bits. If limits end up bein...
DEBIAN-CVE-2022-48781
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - get rid of algmemoryallocated algmemoryallocated does not seem to be really used. algproto does have a .memoryallocated field, but no corresponding .sysctlmem. This means skhasaccount returns true, but all...
CVE-2022-48781 crypto: af_alg - get rid of alg_memory_allocated
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - get rid of algmemoryallocated algmemoryallocated does not seem to be really used. algproto does have a .memoryallocated field, but no corresponding .sysctlmem. This means skhasaccount returns true, but all...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from a lack of checking of the size of values in the Bloom filter in the bpf module when it is created, which may cause the kernel to cras...
CVE-2024-31309
CVE-2024-31309 affects Apache Traffic Server (ATS) HTTP/2 CONTINUATION handling. A DoS can occur due to CONTINUATION frame floods, impacting ATS 8.0.0–8.1.9 and 9.0.0–9.2.3. Upstream fixes are in 8.1.10 and 9.2.4. Practical mitigation includes setting proxy.config.http2.max_continuation_frames_pe...
CVE-2024-26795
An out-of-bounds vulnerability was found in the Sparse-Memory/vmemmap handling for RISC-V architectures in the Linux kernel. This issue potentially leads to memory corruption or unintended behavior. Mitigation Mitigation for this issue is either not available or the currently available options do...