Lucene search
+L

107 matches found

OSV
OSV
added 2023/07/05 9:30 a.m.36 views

GHSA-2GPR-J5VJ-WVH2 Apache Any23 vulnerable to excessive memory usage

Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage...

6.5CVSS5.7AI score0.01484EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/07/05 7:28 a.m.18 views

CVE-2023-34150 Apache Any23: Possible excessive allocation of resources reading input.

UNSUPPORTED WHEN ASSIGNED Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage...

6.5CVSS6.8AI score0.01484EPSS
Exploits0References1
CVE
CVE
added 2023/07/05 7:28 a.m.52 views

CVE-2023-34150

CVE-2023-34150 affects Apache Any23 due to a flaw in TikaEncodingDetector that can cause excessive memory usage, potentially leading to denial of service. The vulnerability is documented across multiple sources (CVE records and related advisories), describing memory overuse as the primary impact....

6.5CVSS5.7AI score0.01484EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/06/06 8:15 p.m.14 views

CVE-2023-2253

A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive strin...

6.5CVSS6.4AI score0.00938EPSS
Exploits0References2
CVE
CVE
added 2023/06/06 12:0 a.m.518 views

CVE-2023-2253

CVE-2023-2253 concerns the /v2/_catalog endpoint in distribution/distribution, where the query parameter n controls the maximum number of records returned. The flaw allows a malicious user to supply an unreasonably large n, potentially triggering allocation of a massive string array and causing m...

6.5CVSS6.2AI score0.00938EPSS
Exploits0References2Affected Software3
Tenable Nessus
Tenable Nessus
added 2023/05/26 12:0 a.m.19 views

SUSE SLES15 / openSUSE 15 Security Update : distribution (SUSE-SU-2023:2298-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2298-1 advisory. Update to verison 2.8.2: - Revert registry/client: set Accept: identity header when getting layers - Parse http forbidden as...

6.5CVSS6.7AI score0.00938EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/04/21 3:27 p.m.50 views

CVE-2023-30798

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7.2AI score0.01288EPSS
Exploits0
OSV
OSV
added 2023/04/21 3:27 p.m.16 views

CVE-2023-30798 MultipartParser DOS with too many fields or files in Starlette Framework

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7.1AI score0.01288EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/03/09 8:22 p.m.9 views

CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

6.2CVSS6.3AI score0.00678EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/09 8:22 p.m.50 views

CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

6.2CVSS6.4AI score0.00678EPSS
Exploits0References1
NVD
NVD
added 2023/02/20 4:15 p.m.39 views

CVE-2023-25656

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

7.5CVSS7.5AI score0.0044EPSS
Exploits0References2
CVE
CVE
added 2023/02/20 12:0 a.m.402 views

CVE-2023-25656

The CVE affects notation-go (notaryproject) prior to 1.0.0-rc.3, where signature verification may cause memory exhaustion leading to process death and availability impact. Root cause is excessive memory use during verification; a patch is available in v1.0.0-rc.3. Remediation: upgrade to v1.0.0-r...

7.5CVSS7.4AI score0.0044EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.4 views

SUSE CVE-2021-37137

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

7.5CVSS8AI score0.0628EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/05 12:0 a.m.30 views

FreeBSD : Django -- multiple vulnerabilities (c49a880d-a5bb-11ed-aab5-080027de9982)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c49a880d-a5bb-11ed-aab5-080027de9982 advisory. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/02/01 9:37 p.m.26 views

CVE-2023-23969

A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...

7.5CVSS7.2AI score0.47102EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2023/02/01 10:0 a.m.35 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS6.8AI score0.47102EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.51 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.7AI score0.47102EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.34 views

Debian dla-3306 : python-django - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3306 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3306-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS7AI score0.47102EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/12/28 12:30 a.m.45 views

yaml package for Go can consume excessive amounts of CPU or memory

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

7.5CVSS7.6AI score0.017EPSS
Exploits0References12Affected Software1
Veracode
Veracode
added 2022/12/09 4:54 p.m.29 views

Denial Of Service (DoS)

github.com/golang/net is vulnerable to Denial Of Service DoS. An attacker is able to cause excessive memory usage when the server accepts HTTP/2 requests with very large keys allocating approximately 64 MiB per open connection, resulting in denial of service...

5.3CVSS6.6AI score0.05623EPSS
Exploits0References27Affected Software19
Rows per page
Query Builder