227 matches found
CVE-2024-56783
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: remove WARNONONCE on maximum cgroup level cgroup maximum depth is INTMAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove...
CVE-2024-56783 netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: remove WARNONONCE on maximum cgroup level cgroup maximum depth is INTMAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove...
CVE-2024-13058
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products such ...
CVE-2024-13058
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products such ...
GO-2024-3334 Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server...
CVE-2024-48973
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...
CVE-2024-48973 Debug port on Life2000 Ventilator serial interface is enabled by default
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...
Allowing execution user provided regexp, lead to Redos
Description librechat have a functionality of uploading chatgpt chat log. when processing the log, following code is executed: const pattern = new RegExp \u3010$citation.metadata.extra.citedmessageidx\u2020.+?\u3011, 'g', ; const replacement = $citation.metadata.title; messageText =...
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...
GHSA-5J4C-8P2G-V4JX ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...
PT-2024-32922 · Solidigm · Solidigm Dc Products
Name of the Vulnerable Software and Affected Versions: Solidigm DC Products affected versions not specified Description: The issue is related to improper resource management in the firmware of some Solidigm DC Products. This flaw may allow an attacker to potentially control the performance of the...
path-to-regexp outputs backtracking regular expressions
Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...
BIND's database will be slow if a very large number of RRs exist at the same name
...
Hotfix XS82ECU1070 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. All customers who are affected by the issues described inCTX691115 - Citrix Hypervisor Security Bulletinshould install this hotfix. Note: This hotfix is available only to customers on...
Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS
Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as moder...
SUSE-SU-2024:1574-1 Security update for go1.21
This update for go1.21 fixes the following issues: Update to go1.21.10: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin bsc1224017 - net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/[email protected]...
CVE-2024-26763
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...
BIT-GITLAB-2022-1099
Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab...
SUSE CVE-2024-26602
In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sysmembarrier On some systems, sysmembarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to preve...
CVE-2023-52466
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...