Lucene search
K

30 matches found

NVD
NVD
added 2025/12/18 10:16 p.m.5 views

CVE-2025-68384

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...

6.5CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-2309

Malware in sbrugna...

7.5CVSS7.4AI score0.01434EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-27565

Malicious code in bioql PyPI...

2.7CVSS6.8AI score0.00699EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 10:18 a.m.15 views

Security Bulletin: The Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression, affects watsonx.data

Summary In scenarios where input size isn't limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead toexcessive memory usage and an Out-Of-Memory OOM crash of the process. This issue is relatively uncomm...

7.5CVSS7.4AI score0.00577EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:48 a.m.7 views

CVE-2023-32209

A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox 113...

7.5CVSS6.1AI score0.00761EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/09 12:0 a.m.14 views

CBL Mariner 2.0 Security Update: coredns / ig / keda (CVE-2025-29786)

The version of coredns / ig / keda installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29786 advisory. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...

7.5CVSS7.3AI score0.00577EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/03/17 9:26 p.m.23 views

Memory Exhaustion in Expr Parser with Unrestricted Input

Impact If the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression c...

7.5CVSS6.6AI score0.00577EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/03/17 2:15 p.m.14 views

CVE-2025-29786

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

7.5CVSS0.00577EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/17 1:15 p.m.12 views

CVE-2025-29786 Memory Exhaustion in Expr Parser with Unrestricted Input

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

7.5CVSS7.4AI score0.00577EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/03/17 1:15 p.m.12 views

CVE-2025-29786

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

7.5CVSS7.2AI score0.00577EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/03/17 12:0 a.m.5 views

PT-2025-11483

Name of the Vulnerable Software and Affected Versions Expr versions prior to 1.17.0 Description The issue arises when the Expr expression parser is given an unbounded input string, causing it to attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of th...

7.8CVSS6.7AI score0.00577EPSS
Exploits0References36
RedHat Linux
RedHat Linux
added 2024/03/25 7:35 p.m.4 views

Mozilla: Improve handling of out-of-memory conditions in ICU

The Mozilla Foundation Security Advisory describes this flaw as: To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue...

2.7CVSS7.3AI score0.00699EPSS
Exploits0References6
OSV
OSV
added 2024/03/19 12:15 p.m.6 views

CVE-2024-2616

To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR 115.9 and Thunderbird 115.9...

2.7CVSS5.4AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/06 12:0 a.m.2 views

PT-2023-36058 · Git +1 · Lucene

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to an out-of-memory crash. The crash was identified by the IndexSearchFuzzer. No information is provided about the estimated number ...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/26 12:0 a.m.3 views

PT-2023-35974 · Git +1 · Lucene

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to an out-of-memory crash. The crash occurred in the QueryParserFuzzer. Recommendations: At the moment, there is no information abou...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.8 views

PT-2023-22377 · Unknown · Bt21 X Bts Wallpaper

Name of the Vulnerable Software and Affected Versions: BT21 x BTS Wallpaper app version 12 for Android Description: The issue allows unauthorized applications to request permission to insert data into the database that records user personal preferences. This data is loaded into memory when the...

5.5CVSS7.2AI score0.00366EPSS
Exploits1References8
OSV
OSV
added 2023/06/01 9:15 p.m.5 views

CVE-2023-29723

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opene...

7.5CVSS7.1AI score0.00845EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2022/01/05 12:0 a.m.29 views

FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c990e67-6e30-11ec-82db-b42e991fc52e advisory. - NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of...

7.5CVSS7.4AI score0.01434EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/11/11 12:55 a.m.37 views

Memory exhaustion in routinator

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

7.5CVSS1.4AI score0.01434EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/11/09 5:15 p.m.27 views

CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

7.5CVSS7.5AI score0.01434EPSS
Exploits0References2
Rows per page
Query Builder