107 matches found
GHSA-2GPR-J5VJ-WVH2 Apache Any23 vulnerable to excessive memory usage
Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage...
CVE-2023-34150 Apache Any23: Possible excessive allocation of resources reading input.
UNSUPPORTED WHEN ASSIGNED Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage...
CVE-2023-34150
CVE-2023-34150 affects Apache Any23 due to a flaw in TikaEncodingDetector that can cause excessive memory usage, potentially leading to denial of service. The vulnerability is documented across multiple sources (CVE records and related advisories), describing memory overuse as the primary impact....
CVE-2023-2253
A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive strin...
CVE-2023-2253
CVE-2023-2253 concerns the /v2/_catalog endpoint in distribution/distribution, where the query parameter n controls the maximum number of records returned. The flaw allows a malicious user to supply an unreasonably large n, potentially triggering allocation of a massive string array and causing m...
SUSE SLES15 / openSUSE 15 Security Update : distribution (SUSE-SU-2023:2298-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2298-1 advisory. Update to verison 2.8.2: - Revert registry/client: set Accept: identity header when getting layers - Parse http forbidden as...
CVE-2023-30798
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-25656
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
CVE-2023-25656
The CVE affects notation-go (notaryproject) prior to 1.0.0-rc.3, where signature verification may cause memory exhaustion leading to process death and availability impact. Root cause is excessive memory use during verification; a patch is available in v1.0.0-rc.3. Remediation: upgrade to v1.0.0-r...
SUSE CVE-2021-37137
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...
FreeBSD : Django -- multiple vulnerabilities (c49a880d-a5bb-11ed-aab5-080027de9982)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c49a880d-a5bb-11ed-aab5-080027de9982 advisory. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of...
CVE-2023-23969
A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...
CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
Debian dla-3306 : python-django - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3306 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3306-1 [email protected] https://www.debian.org/lts/security/...
yaml package for Go can consume excessive amounts of CPU or memory
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
Denial Of Service (DoS)
github.com/golang/net is vulnerable to Denial Of Service DoS. An attacker is able to cause excessive memory usage when the server accepts HTTP/2 requests with very large keys allocating approximately 64 MiB per open connection, resulting in denial of service...