10 matches found

SUSE Linux
added 2026/05/29 3:36 p.m. | 10 views

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory (bsc#1260967). CVE-2026-33748: github.com/moby/buildkit: insufficient validation of Git...

CVSS 8.6 | AI score 7 | EPSS 0.00063
Exploits: 0 | References: 8

GitHub Security Blog
added 2026/05/14 1:8 p.m. | 5 views

Absinthe: Quadratic fragment-name uniqueness check

Summary: An unauthenticated attacker can stall an Absinthe-backed GraphQL endpoint by submitting a query that contains many fragment definitions. The fragment-name uniqueness validation phase is O(N²) in the number of fragments, so a single modestly-sized request burns seconds of CPU per worker, and...

CVSS 8.7 | AI score 5.8 | EPSS 0.00082
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2026/05/08 4:16 p.m. | 10 views

CVE-2026-43967

Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one calls...

CVSS 8.7 | EPSS 0.00082
Exploits: 1 | References: 4

CNNVD
added 2024/05/16 12:0 a.m. | 2 views

Mlflow Security Vulnerability

Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow version 2.11.0, which stems from insufficient validation of the fragment portion of a URL, leading to the reading of arbitrary files via path traversal...

CVSS 7.5 | AI score 7.5 | EPSS 0.77074
Exploits: 1 | References: 3

F5 Networks
added 2023/02/21 7:4 p.m. | 41 views

K15356: OpenSSL vulnerability CVE-2014-0195

Security Advisory Description: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denia...

CVSS 6.8 | AI score 8.6 | EPSS 0.92751
Exploits: 4 | Affected Software: 18

SUSE CVE
added 2023/02/15 5:18 a.m. | 1 views

SUSE CVE-2015-4145

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message...

CVSS 5 | AI score 6.8 | EPSS 0.01205
Exploits: 0 | References: 4

OSV
added 2019/04/26 10:29 p.m. | 20 views

CVE-2019-11555

The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

CVSS 5.9 | AI score 6.5
Exploits: 0 | References: 15

CNVD
added 2016/03/26 12:0 a.m. | 1 views

Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability

Cisco IOS is the operating system developed by Cisco for its network devices. Cisco Wide Area Application Services Express is a Cisco WAAS product that is based on IOS and is integrated into routers to provide application acceleration capabilities as well as to reduce the cost of WAN bandwidth...

CVSS 7.8 | AI score 6.9 | EPSS 0.04316
Exploits: 0 | References: 1

FreeBSD
added 2015/11/10 12:0 a.m. | 35 views

hostapd and wpa_supplicant -- multiple vulnerabilities

Jouni Malinen reports: wpa_supplicant unauthorized WNM Sleep Mode GTK control (2015-6 - CVE-2015-5310). EAP-pwd missing last fragment length validation (2015-7 - CVE-2015-5315). EAP-pwd peer error path failure on unexpected Confirm message (2015-8 - CVE-2015-5316)...

CVSS 5.9 | AI score 5.9 | EPSS 0.01524
Exploits: 0 | References: 3

OSV
added 2015/06/15 3:59 p.m. | 1 views

DEBIAN-CVE-2015-4145

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message...

CVSS 5 | AI score 8.6 | EPSS 0.01205
Exploits: 0 | References: 1