Apache Answer 代码问题漏洞

Apache Answer is a community platform of the Apache USA Foundation. A denial of service vulnerability exists in Apache Answer 1.2.1 and earlier versions, which can be exploited by attackers to conduct pixel flooding attacks by uploading large pixelated files, resulting in a server out of memory...

JSS: memory leak in TLS connection leads to OOM

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service...

dotnet: .NET Denial of Service Vulnerability

A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...

dotnet: .NET Denial of Service Vulnerability

A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...

Oracle Linux 8 : postgresql:13 (ELSA-2023-7581)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7581 advisory. - Fixes: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 Tenable has extracted the preceding description block directly from the Oracle Linux...

Design/Logic Flaw

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks...

SUSE SLES15: postgresql12 / postgresql12-contrib / postgresql12-devel / etc (SUSE-SU-2023:4454-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4454-1 advisory. Security issues fixed: CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions...

Debian DSA-5553-1 : postgresql-15 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5553 advisory. Several vulnerabilities have been discovered in the PostgreSQL database system. CVE-2023-5868 Jingzhou Fu discovered a memory disclosure flaw in aggregate functio...

postgresql-server -- Memory disclosure in aggregate function calls

PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...

Rocky Linux 9 : samba (RLSA-2022:8317)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8317 advisory. - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing...

Rocky Linux 8 : postgresql:12 (RLSA-2021:5235)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5235 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker ca...

CVE-2023-45142

A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server's memory by sending many malicious requests, affecting the availability. Mitigation As a workaround to stop being affected otelhttp.WithFilter can be used...

OpenTelemetry-Go Contrib Security Vulnerability

OpenTelemetry-Go Contrib is a collection of OpenTelemetry Go extensions open-sourced by OpenTelemetry. A security vulnerability exists in OpenTelemetry-Go Contrib that stems from a potential server memory exhaustion when a large number of malicious requests are sent to the server...

Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash

A bug in the Data.initbase32Encoded: function opens up the potential for exposing server memory and/or crashing the server Denial of Service for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impact applications that u...

Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server

This security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows remote attackers to send malicious requests that consume all memory available to the server...

K21571420: Multiple Samba vulnerabilities

Security Advisory Description CVE-2022-2031 A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this...

SUSE CVE-2022-32742

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...

EulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2023-1293)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext...

CVE-2022-42278

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering...

CVE-2022-42278

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering...