124 matches found

Amazon
added 2025/05/13 12:0 a.m. · 11 views

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 · AI score 6.8 · EPSS 0.00724
Exploits: 0

SUSE CVE
added 2025/04/18 1:23 a.m. · 4 views

SUSE CVE-2025-22059

In the Linux kernel, the following vulnerability has been resolved: udp: Fix multiple wraparounds of sk->sk_rmem_alloc. __udp_enqueue_schedule_skb() has the following condition: if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) goto drop; sk->sk_rcvbuf is initialised by net.core.rmem_default and later can be configure...

CVSS 7.5 · AI score 8.1 · EPSS 0.00165
Exploits: 0 · References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2022-2879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory,...

CVSS 7.5 · AI score 6.7 · EPSS 0.01544
Exploits: 0 · References: 4

SUSE Linux
added 2025/02/14 7:24 a.m. · 0 views

Security update golang-github-prometheus-prometheus

golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649). Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling (bsc#1232970). Highlights of other changes: Performance: Significant enhancements to PromQL execution speed,...

CVSS 3.1 · AI score 6.8 · EPSS 0.00521
Exploits: 0 · References: 8

SUSE CVE
added 2025/01/29 3:54 a.m. · 4 views

SUSE CVE-2024-52791

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

CVSS 7.5 · AI score 6.9 · EPSS 0.00728
Exploits: 0 · References: 3

NVD
added 2025/01/16 8:15 p.m. · 9 views

CVE-2024-52791

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

CVSS 7.5 · EPSS 0.00728
Exploits: 0 · References: 2

CVE
added 2025/01/16 7:12 p.m. · 64 views

CVE-2024-52791

CVE-2024-52791 affects Matrix Media Repo (MMR). The issue is memory exhaustion when MMR parses large JSON responses from other servers, potentially consuming all available memory. The advisory states this is fixed in MMR v1.3.8 and recommends upgrading. If upgrading isn’t possible, mitigation opt...

CVSS 7.5 · AI score 5.3 · EPSS 0.00728
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/01/16 7:7 p.m. · 5 views

GHSA-GP86-Q8HG-FPXJ matrix-media-repo (MMR) allows a denial of service through memory exhaustion

Impact: MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. Patches: This is fixed in MMR v1.3.8. Workarounds: Forward...

CVSS 5.3 · AI score 6.6 · EPSS 0.00728
Exploits: 0 · References: 5

Github Security Blog
added 2025/01/16 7:7 p.m. · 18 views

matrix-media-repo (MMR) allows a denial of service through memory exhaustion

Impact: MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. Patches: This is fixed in MMR v1.3.8. Workarounds: Forward...

CVSS 7.5 · AI score 6.6 · EPSS 0.00728
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 7 views

PT-2025-2935 · Unknown +1 · Matrix Media Repo +1

Name of the Vulnerable Software and Affected Versions: Matrix Media Repo (MMR) versions prior to 1.3.8. Description: The issue arises when Matrix Media Repo (MMR) makes requests to other servers as part of its normal operation, and these servers return large amounts of JSON for parsing. During parsing...

CVSS 8.9 · AI score 6.5 · EPSS 0.0104
Exploits: 2 · References: 90

CVE
added 2024/12/19 8:58 p.m. · 60 views

CVE-2024-12672

Rockwell Automation Arena® contains use-after-free and out-of-bounds write vulnerabilities in processing DOE files, allowing a threat actor to achieve arbitrary code execution when a legitimate user runs crafted DOE content. The issues originate from improper memory handling in the affected code ...

CVSS 8.5 · AI score 7.1 · EPSS 0.00226
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/10/25 12:0 a.m. · 4 views

PT-2024-33677

Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.0.6. Description: Applications using werkzeug.formparser.MultiPartParser to parse multipart/form-data requests are vulnerable to a relatively simple but effective resource exhaustion attack. A specifically crafted...

CVSS 7.8 · AI score 6.7 · EPSS 0.01093
Exploits: 0 · References: 202

SUSE CVE
added 2024/09/14 2:50 a.m. · 4 views

SUSE CVE-2024-46712

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d. Coherent surfaces make only sense if the host renders to them using accelerated apis. Without 3d the entire content of dumb buffers stays in the guest making all of the extra...

CVSS 5.5 · AI score 6.5 · EPSS 0.00177
Exploits: 0 · References: 3

Vulnrichment
added 2024/09/13 6:44 a.m. · 15 views

CVE-2024-46712 drm/vmwgfx: Disable coherent dumb buffers without 3d

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d. Coherent surfaces make only sense if the host renders to them using accelerated apis. Without 3d the entire content of dumb buffers stays in the guest making all of the extra...

AI score 6.9 · EPSS 0.00177
Exploits: 0 · References: 2

OSV
added 2024/07/30 8:15 a.m. · 2 views

UBUNTU-CVE-2024-42131

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic. The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit so that various multiplications fit into 64-bits. If limits end up bein...

CVSS 4.4 · AI score 6.1 · EPSS 0.00244
Exploits: 0 · References: 31

OSV
added 2024/07/16 12:15 p.m. · 1 views

DEBIAN-CVE-2022-48781

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - get rid of alg_memory_allocated. alg_memory_allocated does not seem to be really used. alg_proto does have a .memory_allocated field, but no corresponding .sysctl_mem. This means sk_has_account() returns true, but all...

CVSS 5.5 · AI score 6.2 · EPSS 0.00195
Exploits: 0 · References: 1

OSV
added 2024/07/16 11:13 a.m. · 17 views

CVE-2022-48781 crypto: af_alg - get rid of alg_memory_allocated

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - get rid of alg_memory_allocated. alg_memory_allocated does not seem to be really used. alg_proto does have a .memory_allocated field, but no corresponding .sysctl_mem. This means sk_has_account() returns true, but all...

CVSS 5.5 · AI score 6.4 · EPSS 0.00195
Exploits: 0 · References: 5

CNNVD
added 2024/05/30 12:0 a.m. · 4 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from a lack of checking of the size of values in the Bloom filter in the bpf module when it is created, which may cause the kernel to cras...

CVSS 5.5 · AI score 6.5 · EPSS 0.00225
Exploits: 0 · References: 6

CVE
added 2024/04/10 12:7 p.m. · 5563 views

CVE-2024-31309

CVE-2024-31309 affects Apache Traffic Server (ATS) HTTP/2 CONTINUATION handling. A DoS can occur due to CONTINUATION frame floods, impacting ATS 8.0.0–8.1.9 and 9.0.0–9.2.3. Upstream fixes are in 8.1.10 and 9.2.4. Practical mitigation includes setting proxy.config.http2.max_continuation_frames_pe...

CVSS 7.5 · AI score 7.5 · EPSS 0.94615
Exploits: 1 · References: 8 · Affected Software: 1

RedhatCVE
added 2024/04/04 5:15 p.m. · 25 views

CVE-2024-26795

An out-of-bounds vulnerability was found in the Sparse-Memory/vmemmap handling for RISC-V architectures in the Linux kernel. This issue potentially leads to memory corruption or unintended behavior. Mitigation: Mitigation for this issue is either not available or the currently available options do...

CVSS 5.5 · AI score 7 · EPSS 0.00228
Exploits: 0 · References: 4