1906 matches found

Fedora | added 2023/03/15 12:47 a.m. | 16 views

[SECURITY] Fedora 36 Update: libmemcached-awesome-1.1.4-1.fc36

libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.org...

AI score: 7.3
Exploits: 0

OpenVAS | added 2023/03/15 12:0 a.m. | 7 views

Fedora: Security Advisory for libmemcached-awesome (FEDORA-2023-c9bbaadcbf)

The remote host is missing an update for the...

AI score: 7.5
Exploits: 0 | References: 2

Github Security Blog | added 2023/03/13 8:53 p.m. | 27 views

fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime

Summary Fuzz testing on crossplane/crossplane, by Ada Logics and sponsored by the CNCF, identified input to a function in the fieldpath package that can cause an out of memory panic. Applications that use the Paved type's SetValue method with user provided input without proper validation might us...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00798
Exploits: 0 | References: 6 | Affected Software: 1

Fedora | added 2023/03/11 4:4 a.m. | 12 views

[SECURITY] Fedora 38 Update: libmemcached-awesome-1.1.4-1.fc38

libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.org...

AI score: 7.3
Exploits: 0

OSV | added 2023/03/10 11:47 p.m. | 19 views

GHSA-V829-X6HH-CQFQ Crossplane-runtime contains Improper Input Validation via Compositions

Summary Fuzz testing, by Ada Logics and sponsored by the CNCF, identified a vulnerability in the fieldpath package from crossplane/crossplane-runtime that an already highly privileged Crossplane user able to create or update Compositions could leverage to cause an out of memory panic in Crossplan...

CVSS: 6.2 | AI score: 5.7 | EPSS: 0.00678
Exploits: 0 | References: 3

Github Security Blog | added 2023/03/10 11:47 p.m. | 30 views

Crossplane-runtime contains Improper Input Validation via Compositions

Summary Fuzz testing, by Ada Logics and sponsored by the CNCF, identified a vulnerability in the fieldpath package from crossplane/crossplane-runtime that an already highly privileged Crossplane user able to create or update Compositions could leverage to cause an out of memory panic in Crossplan...

CVSS: 6.2 | AI score: 5.5 | EPSS: 0.00678
Exploits: 0 | References: 3 | Affected Software: 1

NVD | added 2023/03/09 9:15 p.m. | 46 views

CVE-2023-27484

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

CVSS: 6.2 | AI score: 6.2 | EPSS: 0.00678
Exploits: 0 | References: 1

Prion | added 2023/03/09 9:15 p.m. | 11 views

Code injection

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

CVSS: 3.3 | AI score: 5.1 | EPSS: 0.00678
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment | added 2023/03/09 8:22 p.m. | 9 views

CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

CVSS: 6.2 | AI score: 6.3 | EPSS: 0.00678
Exploits: 0 | References: 1

Cvelist | added 2023/03/09 8:22 p.m. | 45 views

CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

CVSS: 6.2 | AI score: 6.4 | EPSS: 0.00678
Exploits: 0 | References: 1

CVE | added 2023/03/09 8:22 p.m. | 58 views

CVE-2023-27484

Summary: CVE-2023-27484 affects crossplane-runtime (Go libraries) used for building Kubernetes controllers in Crossplane stacks. A highly privileged user who can create or update Compositions can specify an arbitrarily high index in a patch’s ToFieldPath. If the index exceeds the current target ...

CVSS: 6.2 | AI score: 5.7 | EPSS: 0.00678
Exploits: 0 | References: 1 | Affected Software: 1

OSV | added 2023/03/09 8:22 p.m. | 31 views

CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

CVSS: 6.2 | AI score: 5.4 | EPSS: 0.00678
Exploits: 0 | References: 3

RedHat Linux | added 2023/02/28 3:48 p.m. | 2 views

go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.017
Exploits: 0 | References: 8

F5 Networks | added 2023/02/21 7:37 p.m. | 42 views

K81223200: Oracle Java SE vulnerability CVE-2016-3425

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3425 Impact An authenticated attacker can input specially crafted XML th...

CVSS: 5 | AI score: 6.8 | EPSS: 0.038
Exploits: 0 | Affected Software: 24

F5 Networks | added 2023/02/21 6:34 p.m. | 52 views

K76328112: BIG-IP TMM vulnerability CVE-2019-6683

Security Advisory Description BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions. CVE-2019-6683 Impact This vulnerability is present only on BIG-IP Virtual Edition (VE) systems with limited bandwidth licenses...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01014
Exploits: 0 | Affected Software: 13

F5 Networks | added 2023/02/21 6:26 p.m. | 35 views

K15852: Linux kernel vulnerability CVE-2014-3122

Security Advisory Description The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires...

CVSS: 4.9 | AI score: 5.3 | EPSS: 0.00545
Exploits: 0 | Affected Software: 17

NVD | added 2023/02/20 4:15 p.m. | 37 views

CVE-2023-25656

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0044
Exploits: 0 | References: 2

CVE | added 2023/02/20 12:0 a.m. | 397 views

CVE-2023-25656

The CVE affects notation-go (notaryproject) prior to 1.0.0-rc.3, where signature verification may cause memory exhaustion leading to process death and availability impact. Root cause is excessive memory use during verification; a patch is available in v1.0.0-rc.3. Remediation: upgrade to v1.0.0-r...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0044
Exploits: 0 | References: 2 | Affected Software: 1

OSV | added 2023/02/17 11:4 a.m. | 3 views

OESA-2023-1098 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.47102
Exploits: 0 | References: 2

OSV | added 2023/02/17 11:4 a.m. | 3 views

OESA-2023-1097 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.47102
Exploits: 0 | References: 2