1908 matches found
CVE-2022-3064 Excessive resource consumption in gopkg.in/yaml.v2
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
Go-Yaml Resource Management Error Vulnerability
Go-Yaml is a YAML support library for the Go language. It enables Go programs to easily encode and decode YAML values. A security vulnerability exists in Go-Yaml, which stems from the fact that parsing malicious or large YAML documents may consume too much CPU or memory...
Stack overflow
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...
CVE-2022-23524
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...
CVE-2022-23524 Helm vulnerable to Denial of service through string value parsing
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the strvals package can cause a stack overflow. In Go, a stack overflow cannot be recovered fro...
GHSA-6RX9-889Q-VV2R Helm vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service atta...
Design/Logic Flaw
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.o...
CVE-2022-3882
CVE-2022-3882 concerns the WordPress WP Memory plugin prior to 2.46. The vulnerability is a lack of proper authorization and CSRF protection in an AJAX action, allowing any authenticated user (e.g., a subscriber) to call the action and install/activate arbitrary plugins from wordpress.org. Connec...
PT-2022-24582 · WordPress · Memory Usage
Name of the Vulnerable Software and Affected Versions: Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin versions prior to 2.46. Description: The issue concerns a lack of proper authorization and CSRF protection in an AJAX action. This allows any...
Denial Of Service (DoS)
github.com/golang/net is vulnerable to Denial of Service (DoS). An attacker is able to cause excessive memory usage when the server accepts HTTP/2 requests with very large keys, allocating approximately 64 MiB per open connection, resulting in denial of service...
LAVA Denial of Service Vulnerability
LAVA is a continuous integration system open sourced by LAVA. It is used to deploy operating systems to physical and virtual hardware to run tests. A denial of service vulnerability exists in versions of LAVA prior to 2022.11. The vulnerability stems from the fact that a user with valid credential...
ROS-20221123-01
A vulnerability in the qfbufaddline function of the Vim text editor is related to use of memory after it has been freed. Exploitation of the vulnerability may allow an intruder to affect the confidentiality, integrity and availability of protected information. Vulnerability of the inscompladd function of the...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
ROS-20221118-04
A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in the InputStream implementation. Exploitation of the vulnerability could allow a remote attacker to force a victim to visit a specially crafted website, trigger a use-after-free error and...
CVE-2022-44641
Summary: CVE-2022-44641 concerns LAVA (Linaro Automated Validation Architecture) where a user with valid credentials can submit crafted XMLRPC requests that trigger recursive XML entity expansion, causing memory exhaustion on the server and resulting in a Denial of Service. Impact and scope: The ...
ROS-20221118-05
A vulnerability in the Mozilla Thunderbird email client is related to a use-after-free error in the InputStream implementation. Exploitation of the vulnerability could allow a remote attacker to cause a victim to visit a specially crafted website, trigger a use-after-free...
bind security update
32:9.11.36-5: Fix memory leak in ECDSA verify processing (CVE-2022-38177); Fix memory leak in EdDSA verify processing (CVE-2022-38178). 32:9.11.36-4: Tighten cache protection against record from forwarders (CVE-2021-25220); Include test of forwarders. 32:9.11.36-2: Reduce memory used per-view on...
[SECURITY] Fedora 37 Update: nginx-1.22.1-1.fc37
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...