AZL-54357 CVE-2024-45337 affecting package moby-engine for versions less than 25.0.3-9

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

AZL-35008 CVE-2023-44487 affecting package moby-engine for versions less than 25.0.3-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

SUSE CVE-2023-28644

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is...

Nextcloud 资源管理错误漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud 25.0.3 that stems from the presence of uncontrolled resource consumption, where a user can...