1056 matches found
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat JBoss Enterprise Application Platform (RHSA-2023:4506)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4506 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 9 : Red Hat JBoss Enterprise Application Platform (RHSA-2023:4507)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4507 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 7 : Red Hat JBoss Enterprise Application Platform (RHSA-2023:4505)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4505 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Denial Of Service (DoS)
gpac is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an application crash due to uncontrolled recursion...
Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.8 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis
Summary log4j-core-2.16.0.jar is vulnerable to remote code execution (RCE) attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused ...
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...
rubygem-loofah: Uncontrolled Recursion leading to denial of service
An uncontrolled recursion vulnerability was found in rubygem loofah. While sanitizing certain sections, loofah is susceptible to stack exhaustion, which can result in a denial of service through CPU resource consumption...
GLSA-202305-16 : Vim, gVim: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-16 Vim, gVim: Multiple Vulnerabilities - Use after free in utfptr2char in GitHub repository vim/vim prior to 8.2.4646. CVE-2022-1154 - heap buffer overflow in getonesourceline in GitHub repository vim/vim prior to 8.2.4647...
OpenImageIO Project OpenImageIO FitsOutput::close() denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1709 OpenImageIO Project OpenImageIO FitsOutput::close denial of service vulnerability March 30, 2023 CVE Number CVE-2023-24472 SUMMARY A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1...
CBL Mariner 2.0 Security Update: vim (CVE-2022-1771)
The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1771 advisory. - Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. CVE-2022-1771 Note that Nessus has not...
GHSA-493P-PFQ6-5258 json-smart Uncontrolled Recursion vulnerability
Impact Affected versions of net.minidev:json-smart are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered tha...
json-smart Uncontrolled Recursion vulnerability
Impact Affected versions of net.minidev:json-smart are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered tha...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2023-038)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-038 advisory. A NULL pointer exception flaw was found in Wireshark. A process failure on crafted or malformed input in the IPPUSB dissector can cause a denial of service via a packet injection or a crafted...
K26346590: GNU C Library vulnerabilities CVE-2019-9192 and CVE-2018-20796
Security Advisory Description CVE-2019-9192 DISPUTED In the GNU C Library (aka glibc or libc6) through 2.29, checkdstlimitscalcpos1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\\1\\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that...
SUSE CVE-2017-9729
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the checkdstlimitscalcpos1 function in misc/regex/regexec.c when processing a crafted regular expression...
SUSE CVE-2018-5772
In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file...