Lucene search
+L

15 matches found

github
github
added 2026/05/29 4:56 p.m.15 views

Gotenberg has a Race Condition via Multipart `downloadFrom` Handling

Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...

5.9AI score0.00138EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/05/29 4:56 p.m.10 views

GHSA-VP73-VJW8-8F32 Gotenberg has a Race Condition via Multipart `downloadFrom` Handling

Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...

7.5CVSS5.9AI score0.00138EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.13 views

PT-2026-45015

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.10.0 through 8.x Description Gotenberg is susceptible to a remote denial of service due to a race condition when handling multipart requests. When a request contains multiple downloadFrom entries, the system initiates...

7.5CVSS6AI score0.00138EPSS
Exploits0References5
susecve
susecve
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin's OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References3
osv
osv
added 2026/03/10 6:28 p.m.5 views

GO-2026-4586 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling in github.com/OliveTin/OliveTin

OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling in github.com/OliveTin/OliveTin. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References3
nvd
nvd
added 2026/03/05 8:16 p.m.7 views

CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

7.5CVSS0.00394EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/03/05 7:33 p.m.3 views

CVE-2026-28789 OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/03/05 7:33 p.m.3 views

CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

7.5CVSS5.9AI score0.00394EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2026/03/05 7:33 p.m.5 views

EUVD-2026-9873

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

7.5CVSS5.9AI score0.00394EPSS
Exploits1References2
osv
osv
added 2026/03/05 7:33 p.m.4 views

CVE-2026-28789 OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References4
cve
cve
added 2026/03/05 7:33 p.m.16 views

CVE-2026-28789

OliveTin prior to 3000.10.3 is vulnerable to an unauthenticated denial-of-service in the OAuth2 login flow. Concurrent requests to /oauth/login can access a shared registeredStates map unsafely, causing a Go runtime panic (fatal error: concurrent map writes) and terminating the process when OAuth...

7.5CVSS5.9AI score0.00394EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/03/02 9:41 p.m.7 views

GHSA-45M3-398W-M2M9 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling

Summary An unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic fatal error: concurrent map writes and process termination. This...

7.5CVSS6.1AI score0.00394EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/03/02 12:0 a.m.7 views

PT-2026-23499

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.10.3 Description OliveTin is susceptible to a denial-of-service condition stemming from an unsynchronized access issue within its OAuth2 login flow. Concurrent requests to the /oauth/login API endpoint can trigg...

9.9CVSS6.9AI score0.22162EPSS
Exploits70References138
suse
suse
added 2025/02/03 8:48 a.m.1 views

Security update for podman

This update for podman fixes the following issues: CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file bsc1227052. Update to version 4.9.5: Bump to v4.9.5 Update release notes for v4.9.5 fix "concurrent map writes" in network ls compat...

8.6CVSS7.3AI score0.01279EPSS
Exploits0References10
osv
osv
added 2025/02/03 8:47 a.m.7 views

SUSE-SU-2025:20013-1 Security update for podman

This update for podman fixes the following issues: - CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file bsc1227052. - Update to version 4.9.5: Bump to v4.9.5 Update release notes for v4.9.5 fix "concurrent map writes" in network ls compa...

8.6CVSS6.8AI score0.01279EPSS
Exploits0References6
Rows per page
Query Builder