91 matches found
bind9: Parsing large DNS messages may cause excessive CPU load
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...
BIT-GITLAB-2021-39932
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing co...
CVE-2023-41707
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated...
CVE-2023-29050
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory...
GitLab 12.10 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39932)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Usin...
PT-2023-6230 · Samba +5 · Samba +5
Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A flaw was found in Samba, making it susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC serv...
ALPINE-CVE-2023-4236
A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18...
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
ALSA-2023:0832 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mm/mremap.c use-after-free vulnerability CVE-2022-41222 kernel: nfsd buffer overflow by RPC message over TCP with garbage data CVE-2022-43945 kernel: an out-of-bounds vulnerability in...
CVE-2022-43686
In Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service high load...
CVE-2022-43686
In Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service high load...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. When a timeout occurs under a high load, it can cause incorrect data to be returned as the result of an asynchronously executed query. Notes: 1 This vulnerability only affects applications that communicate with...
GHSA-442G-GCG6-MHM4 Play Framework Inadequate Encryption Strength vulnerability
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
Play Framework Inadequate Encryption Strength vulnerability
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
CVE-2021-39932
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing co...
CVE-2021-39932
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing co...
CVE-2021-39932
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing co...
CVE-2021-39932
Removed by vendor...
PT-2021-22771 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.0 through 14.3.6 GitLab CE/EE versions 14.4 through 14.4.4 GitLab CE/EE versions 14.5 through 14.5.2 Description: An issue has been discovered in GitLab CE/EE where the diff feature could be used to trigger high load...
CVE-2021-31363
In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system...