Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-647 advisory. 2024-07-17: CVE-2024-30255 was added to this advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a serve...
BIT-ENVOY-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input...
CVE-2024-32976
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input...
CVE-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input...
CVE-2021-47555
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 link dummy1 type vlan id 100...
CVE-2024-32886
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...
AZL-40493 CVE-2024-32886 affecting package vitess for versions less than 17.0.7-1
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...
AZL-40360 CVE-2024-32886 affecting package vitess for versions less than 19.0.4-1
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...
CVE-2024-32886
CVE-2024-32886 affects Vitess vtgate, causing a Denial of Service via unbounded memory growth due to a bug in the collation/UTF-16 decoding path (affecting encodings like utf16/utf32/ucs2). Affected versions are fixed in Vitess releases 19.0.4, 18.0.5, and 17.0.7. The issue is demonstrated by a q...
CVE-2024-32886 Vitess vulnerable to infinite memory consumption and vtgate crash
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...
CVE-2024-2757
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...
PHP 8.3.x < 8.3.6 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.28, 8.2.x prior to 8.2.18, or 8.3.x prior to 8.3.6. It is, therefore, affected by multiple vulnerabilities: - A command injection via array-ish $command parameter of proc_open...
CVE-2024-26848
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-26848
In the Linux kernel, the following vulnerability has been resolved: afs: Fix endless loop in directory parsing If a directory has a block with only ".__afsXXXX" files in it from uncompleted silly-rename, these .__afsXXXX files are skipped but without advancing the file position in the dir_context. Thi...
CVE-2024-26848
Removed by vendor...
CVE-2024-26848
CVE-2024-26848 affects the Linux kernel AFS file system; advisories (Ubuntu USN-6919-1 and Amazon Linux 2 ALAS2KERNEL-5.10-2024-076) describe a fix for an endless loop in directory parsing. Affected products/versions are kernel builds shipping the AFS code; remediation is to update the kernel to...