
116 matches found

Positive Technologies
added 2024/10/14 12:0 a.m. · 2 views

PT-2024-9612 · Eclipse +2 · Eclipse Jetty +2

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions prior to 9.4.54 Eclipse Jetty versions prior to 10.0.18 Eclipse Jetty versions prior to 11.0.18 Eclipse Jetty versions prior to 12.0.3 Description: The vulnerability in Jetty's DosFilter can be exploited by unauthorized...

7.5 CVSS · 5.9 AI score · 0.011 EPSS
Exploits 0 · References 38
Tenable Nessus
added 2024/10/03 12:0 a.m. · 19 views

SUSE SLES12 Security Update : tomcat (SUSE-SU-2024:3510-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3510-1 advisory. - CVE-2024-38286: OutOfMemory exception triggered through abuse of the TLS handshake process. bsc1230986 Tenable has extracted the preceding...

8.6 CVSS · 8.1 AI score · 0.00401 EPSS
Exploits 0 · References 4
OpenVAS
added 2024/10/03 12:0 a.m. · 11 views

SUSE: Security Advisory (SUSE-SU-2024:3510-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS · 8.9 AI score · 0.00401 EPSS
Exploits 0 · References 4
RedhatCVE
added 2024/04/04 2:28 p.m. · 102 views

CVE-2023-1973

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory...

7.5 CVSS · 6.7 AI score · 0.00727 EPSS
Exploits 0 · References 3
OSV
added 2024/03/06 10:51 a.m. · 58 views

BIT-ELASTICSEARCH-2023-31418 Elasticsearch uncontrolled resource consumption

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and...

7.5 CVSS · 7.3 AI score · 0.00762 EPSS
Exploits 0 · References 4
IBM Security Bulletins
added 2024/02/05 8:2 p.m. · 25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Elasticsearch denial of service vulnerabilities.

Summary Potential Elasticsearch denial of service vulnerabilities have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2023-31418 DESCRIPTION: Elast...

7.5 CVSS · 7.4 AI score · 0.00762 EPSS
Exploits 0 · Affected Software 1
UbuntuCve
added 2023/12/29 3:15 p.m. · 24 views

CVE-2023-50572

An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM OutofMemory error...

5.5 CVSS · 6.4 AI score · 0.00031 EPSS
Exploits 1 · References 2
Cvelist
added 2023/12/29 12:0 a.m. · 15 views

CVE-2023-50572

An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM OutofMemory error...

5.6 AI score · 0.00031 EPSS
Exploits 1 · References 1
RedhatCVE
added 2023/10/30 11:27 a.m. · 60 views

CVE-2023-31418

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. This flaw allows an unauthenticated user to force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests...

7.5 CVSS · 6.5 AI score · 0.00762 EPSS
Exploits 0 · References 4
Github Security Blog
added 2023/10/26 6:30 p.m. · 29 views

Elasticsearch vulnerable to Uncontrolled Resource Consumption

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and...

7.5 CVSS · 7.2 AI score · 0.00762 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/10/26 6:15 p.m. · 39 views

CVE-2023-31418

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and...

7.5 CVSS · 7 AI score
Exploits 0 · References 3
Prion
added 2023/10/26 6:15 p.m. · 25 views

Code injection

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and...

5 CVSS · 7.3 AI score · 0.00762 EPSS
Exploits 0 · References 3 · Affected Software 2
UbuntuCve
added 2023/10/26 6:15 p.m. · 21 views

CVE-2023-31418

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and...

7.5 CVSS · 7 AI score · 0.00762 EPSS
Exploits 0 · References 3
CVE
added 2023/10/26 5:36 p.m. · 259 views

CVE-2023-31418

The CVE-2023-31418 entry concerns Elastic Elasticsearch. It describes an unauthenticated remote vulnerability in the HTTP layer where sending a moderate number of malformed HTTP requests can cause an Elasticsearch node to exit with an OutOfMemory error, i.e., uncontrolled resource consumption lea...

7.5 CVSS · 7.3 AI score · 0.00762 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/10/26 5:36 p.m. · 21 views

CVE-2023-31418 Elasticsearch uncontrolled resource consumption

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and...

7.5 CVSS · 7.5 AI score · 0.00762 EPSS
Exploits 0 · References 3
Rosalinux
added 2023/10/22 6:15 a.m. · 29 views

Advisory ROSA-SA-2023-2271

software: pdfbox 2.0.24 WASP: ROSA-CHROME packageevrstring: pdfbox-2.0.24-1.src.rpm CVE-ID: CVE-2021-27807 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A carefully crafted PDF file may cause an infinite loop when loading the file. This issue affects Apache PDFBox version 2.0.22 and earlier versions of...

5.5 CVSS · 5.7 AI score · 0.00647 EPSS
Exploits 0
OSV
added 2023/10/17 2:24 p.m. · 46 views

GHSA-8WX3-324G-W4QQ OpenSearch uncontrolled resource consumption

Impact An issue has been identified with how OpenSearch handled incoming requests on the HTTP layer. An unauthenticated user could force an OpenSearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering an...

7.5 CVSS · 7.6 AI score
Exploits 0 · References 2
Github Security Blog
added 2023/10/17 2:24 p.m. · 43 views

OpenSearch uncontrolled resource consumption

Impact An issue has been identified with how OpenSearch handled incoming requests on the HTTP layer. An unauthenticated user could force an OpenSearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering an...

7.5 CVSS · 7 AI score · 0.00762 EPSS
Exploits 0 · References 2 · Affected Software 1
Elastic
added 2023/09/22 11:52 a.m. · 4 views

Elasticsearch 8.9.0, 7.17.13 Security Update

Elasticsearch uncontrolled resource consumption ESA-2023-13 An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP...

7.5 CVSS · 7.4 AI score · 0.00762 EPSS
Exploits 0
Tenable Nessus
added 2023/08/02 12:0 a.m. · 20 views

EulerOS Virtualization 2.10.1 : libwebp (EulerOS-SA-2023-2543)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to...

7.5 CVSS · 7.2 AI score · 0.00353 EPSS
Exploits 0 · References 2