14 matches found
TencentOS Server 3: bind9.16 (TSSA-2023:0198)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0198 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
UBUNTU-CVE-2024-42243
In the Linux kernel, the following vulnerability has been resolved: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray. Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from t...
CVE-2023-5330
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable...
Design/Logic Flaw
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable...
PT-2023-32049 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from the failure to enforce a limit for the size of the cache entry for OpenGraph data. This allows an attacker to send a specially crafted request to the...
SUSE-SU-2023:2667-1 Security update for bind
This update for bind fixes the following issues: Update to release 9.16.42. Security Fixes: The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit (CVE-2023-2828). A query that prioritizes stale data over lookup triggers ...
SUSE-SU-2022:4398-1 Security update for go1.18
This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries bsc1206135 - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows bsc1206...
PT-2022-7291
Name of the Vulnerable Software and Affected Versions net/http versions prior to the fixed version Description The issue is related to the net/http package in the Go programming language, which is vulnerable to excessive memory growth due to unbounded resource allocation. An attacker can cause th...
OPENSUSE-SU-2021:1626-1 Security update for go1.16
This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages bsc1182345 - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error bsc1193598. -...
OPENSUSE-SU-2021:4186-1 Security update for go1.17
This update for go1.17 fixes the following issues: Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages bsc1190649 - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error bsc1193598. - CVE-2021-44716:...
JVN#40208370: XACK DNS vulnerable to denial-of-service (DoS)
XACK DNS is DNS server software provided by XACK, Inc. XACK DNS contains a denial-of-service (DoS) vulnerability due to an issue commonly referred to as NXNSAttack. Impact: A remote attacker may be able to cause denial-of-service (DoS) conditions listed below. The performance of the recursive resolver...
Moderate: Red Hat Security Advisory: openstack-cinder security and bug fix update
An update for openstack-cinder is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Cumulative Update for Windows 10 Version 1607 and Windows Server 2016: December 9, 2016
Summary: This update includes quality improvements for Windows 10 Version 1607 and Windows Server 2016. No new operating system features are being introduced in this update. Key changes include: Improved the...
CVE-2012-3466
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors...