14 matches found
TencentOS Server 3: bind9.16 (TSSA-2023:0198)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0198 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
UBUNTU-CVE-2024-42243
In the Linux kernel, the following vulnerability has been resolved: mm/filemap: make MAXPAGECACHEORDER acceptable to xarray Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from t...
Design/Logic Flaw
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable...
CVE-2023-5330 Denial of Service via Opengraph Data Cache
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable...
PT-2023-32049 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from the failure to enforce a limit for the size of the cache entry for OpenGraph data. This allows an attacker to send a specially crafted request to the...
SUSE-SU-2023:2667-1 Security update for bind
This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. CVE-2023-2828 A query that prioritizes stale data over lookup triggers ...
SUSE-SU-2022:4398-1 Security update for go1.18
This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries bsc1206135 - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows bsc1206...
PT-2022-7291
Name of the Vulnerable Software and Affected Versions net/http versions prior to the fixed version Description The issue is related to the net/http package in the Go programming language, which is vulnerable to excessive memory growth due to unbounded resource allocation. An attacker can cause th...
OPENSUSE-SU-2021:1626-1 Security update for go1.16
This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages bsc1182345 - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error bsc1193598. -...
OPENSUSE-SU-2021:4186-1 Security update for go1.17
This update for go1.17 fixes the following issues: Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages bsc1190649 - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error bsc1193598. - CVE-2021-44716:...
JVN#40208370: XACK DNS vulnerable to denial-of-service (DoS)
XACK DNS is DNS server software provided by XACK, Inc. XACK DNS contains a denial-of-service DoS vulnerability due to an issue commonly referred to as NXNSAttack. Impact A remote attacker may be able to cause denial-of-service DoS conditions listed below. The performance of the recursive resolver...
Moderate: Red Hat Security Advisory: openstack-cinder security and bug fix update
An update for openstack-cinder is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Cumulative Update for Windows 10 Version 1607 and Windows Server 2016: December 9, 2016
None None...
CVE-2012-3466
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors...