1908 matches found

Vulnrichment
added 2022/12/27 9:17 p.m., 2 views

CVE-2022-3064 Excessive resource consumption in gopkg.in/yaml.v2

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

AI score 7.8, EPSS 0.017
Exploits 0, References 10

CNNVD
added 2022/12/27 12:0 a.m., 3 views

Go-Yaml Resource Management Error Vulnerability

Go-Yaml is a Yaml support for the Go language. It enables Go programs to easily encode and decode Yaml values. A security vulnerability exists in Go-Yaml, which stems from the fact that parsing malicious or large YAML documents may consume too much CPU or memory...

CVSS 7.5, AI score 6.5, EPSS 0.017
Exploits 0, References 16

Prion
added 2022/12/15 7:15 p.m., 22 views

Stack overflow

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...

CVSS 5, AI score 8.2, EPSS 0.0076
Exploits 0, References 1, Affected Software 1

AlpineLinux
added 2022/12/15 7:15 p.m., 37 views

CVE-2022-23524

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...

CVSS 7.5, AI score 3.6, EPSS 0.0076
Exploits 0

OSV
added 2022/12/15 12:28 a.m., 35 views

CVE-2022-23524 Helm vulnerable to Denial of service through string value parsing

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...

CVSS 5.3, AI score 8.5, EPSS 0.0076
Exploits 0, References 3

Cvelist
added 2022/12/15 12:28 a.m., 40 views

CVE-2022-23524 Helm vulnerable to Denial of service through string value parsing

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...

CVSS 5.3, AI score 8.6, EPSS 0.0076
Exploits 0, References 1

OSV
added 2022/12/14 9:36 p.m., 33 views

GHSA-6RX9-889Q-VV2R Helm vulnerable to denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service atta...

CVSS 5.3, AI score 7.2, EPSS 0.0076
Exploits 0, References 5

Prion
added 2022/12/12 6:15 p.m., 18 views

Design/Logic Flaw

The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.o...

CVSS 4, AI score 6.5, EPSS 0.00327
Exploits 2, References 1, Affected Software 1

CVE
added 2022/12/12 5:54 p.m., 70 views

CVE-2022-3882

CVE-2022-3882 concerns the WordPress WP Memory plugin prior to 2.46. The vulnerability is a lack of proper authorization and CSRF protection in an AJAX action, allowing any authenticated user (e.g., a subscriber) to call the action and install/activate arbitrary plugins from wordpress.org. Connec...

CVSS 6.5, AI score 6.5, EPSS 0.00327
Exploits 2, References 1, Affected Software 1

Positive Technologies
added 2022/12/12 12:0 a.m., 8 views

PT-2022-24582 · WordPress · Memory Usage

Name of the Vulnerable Software and Affected Versions: Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin versions prior to 2.46 Description: The issue concerns a lack of proper authorization and CSRF protection in an AJAX action. This allows any...

CVSS 6.5, AI score 6.5, EPSS 0.00327
Exploits 2, References 4

Veracode
added 2022/12/09 4:54 p.m., 29 views

Denial Of Service (DoS)

github.com/golang/net is vulnerable to Denial of Service (DoS). An attacker is able to cause excessive memory usage when the server accepts HTTP/2 requests with very large keys, allocating approximately 64 MiB per open connection, resulting in denial of service...

CVSS 5.3, AI score 6.6, EPSS 0.05623
Exploits 0, References 27, Affected Software 19

CNVD
added 2022/11/23 12:0 a.m., 32 views

LAVA Denial of Service Vulnerability

LAVA is a continuous integration system open sourced by LAVA. It is used to deploy operating systems to physical and virtual hardware to run tests. A denial of service vulnerability exists in versions of LAVA prior to 2022.11. The vulnerability stems from the fact that a user with valid credential...

AI score 3.5, EPSS 0.00972
Exploits 0, Affected Software 1

Redos
added 2022/11/23 12:0 a.m., 43 views

ROS-20221123-01

The vulnerability of qfbufaddline function of Vim text editor is related to memory usage after its release. Exploitation of the vulnerability may allow an intruder to affect the confidentiality, integrity and availability of protected information. Vulnerability of the inscompladd function of the...

CVSS 7.8, AI score 7.8, EPSS 0.01074
Exploits 4

UbuntuCve
added 2022/11/18 9:15 p.m., 35 views

CVE-2022-44641

In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...

CVSS 6.5, AI score 6.6, EPSS 0.00972
Exploits 0, References 3

Redos
added 2022/11/18 12:0 a.m., 43 views

ROS-20221118-04

A vulnerability in Mozilla Firefox browser is related to a post-release memory usage error in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely, to force a victim to visit a specially crafted website, trigger a post-release usage error and...

CVSS 6.5, AI score 8.7, EPSS 0.00696
Exploits 0

Vulnrichment
added 2022/11/18 12:0 a.m., 7 views

CVE-2022-44641

In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...

AI score 6.3, EPSS 0.00972
Exploits 0, References 3

CVE
added 2022/11/18 12:0 a.m., 72 views

CVE-2022-44641

Summary: CVE-2022-44641 concerns LAVA (Linaro Automated Validation Architecture) where a user with valid credentials can submit crafted XMLRPC requests that trigger recursive XML entity expansion, causing memory exhaustion on the server and resulting in a Denial of Service. Impact and scope: The ...

CVSS 6.5, AI score 6.2, EPSS 0.00972
Exploits 0, References 3, Affected Software 1

Redos
added 2022/11/18 12:0 a.m., 32 views

ROS-20221118-05

A vulnerability in Mozilla Thunderbird email client is related to a memory usage error after a release in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely, cause a victim to visit a specially crafted website, trigger a post-release usage...

CVSS 6.5, AI score 8.8, EPSS 0.00696
Exploits 0

Oracle Linux
added 2022/11/15 12:0 a.m., 63 views

bind security update

32:9.11.36-5 - Fix memory leak in ECDSA verify processing CVE-2022-38177 - Fix memory leak in EdDSA verify processing CVE-2022-38178 32:9.11.36-4 - Tighten cache protection against record from forwarders CVE-2021-25220 - Include test of forwarders 32:9.11.36-2 - Reduce memory used per-view on...

CVSS 7.5, AI score 2.5, EPSS 0.0325
Exploits 0

Fedora
added 2022/11/10 10:49 p.m., 52 views

[SECURITY] Fedora 37 Update: nginx-1.22.1-1.fc37

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 7.8, AI score 2.2, EPSS 0.01069
Exploits 2