Lucene search
K

124 matches found

OSV
OSV
added 2024/04/04 8:20 a.m.3 views

CVE-2024-26795 riscv: Sparse-Memory/vmemmap out-of-bounds fix

In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical memory in order to ensure that vmemmap’s bounds will be respected during...

5.5CVSS5.4AI score0.00228EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2024/03/18 12:0 a.m.4 views

The vulnerability of the professional video editing software Adobe Premiere Pro lies in the overflow of buffers in dynamic memory, allowing attackers to execute arbitrary code.

The vulnerability of the professional video editing software Adobe Premiere Pro lies in the recording of data beyond the buffer limits in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current user...

7.8CVSS7.8AI score0.00543EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/20 12:30 a.m.20 views

Undertow Uncontrolled Resource Consumption Vulnerability

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5CVSS6.5AI score0.04572EPSS
Exploits0References19Affected Software1
OSV
OSV
added 2024/02/11 12:0 a.m.8 views

CVE-2023-52427

In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resourcelimits.maxsamples. NOTE: the vendor's position is that the product is not designed to handle a maxsamples value that is too large for the amount of memory on the system...

7.5CVSS6.8AI score0.00612EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/12/07 3:0 p.m.57 views

Important: Red Hat Security Advisory: OpenShift Virtualization 4.14.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.14.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References36
NVD
NVD
added 2023/09/15 8:15 p.m.21 views

CVE-2023-41042

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in...

6.5CVSS5.4AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2023/04/06 4:15 p.m.5 views

AZL-26028 CVE-2023-24536 affecting package msft-golang for versions less than 1.20.7-1

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

7.5CVSS6.6AI score0.01479EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/06 3:50 p.m.6 views

CVE-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

7.5AI score0.01479EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.3 views

SUSE CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

7.5CVSS7AI score0.03546EPSS
Exploits1References30
BDU FSTEC
BDU FSTEC
added 2023/01/13 12:0 a.m.5 views

Vim text editor’s build_stl_str_hl() function vulnerability, allowing an attacker to execute arbitrary code

The vulnerability of the buildstlstrhl function in the Vim text editor is related to the execution of an operation beyond the buffer’s memory limits. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7.7AI score0.00471EPSS
Exploits1References11Affected Software6
ATTACKERKB
ATTACKERKB
added 2022/08/24 5:0 a.m.7 views

CVE-2022-24375

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...

7.5CVSS7.1AI score0.01248EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/24 12:0 a.m.5 views

node-opcua 资源管理错误漏洞

node-opcua is a French Sterfive SAS open source implementation of an OPC UA stack written entirely in Typescript for NodeJS. A resource management error vulnerability exists in versions of node-opcua prior to 2.74.0. An attacker can exploit this vulnerability to bypass excessive memory consumptio...

7.5CVSS5.7AI score0.01248EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.38 views

FreeOpcUa 安全漏洞

FreeOpcUa is an open source C++ OPC-UA server and client library. A security vulnerability exists in FreeOpcUa, which is susceptible to a denial of service DoS attack when sending multiple CloseSession requests with the DeleteSubscription parameter equal to False to bypass excessive memory...

7.5CVSS5.6AI score0.00779EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/23 12:0 a.m.5 views

PT-2022-16588 · Freeopcua · Freeopcua

Name of the Vulnerable Software and Affected Versions: freeopcua/freeopcua versions all Description: The issue allows for Denial of Service DoS by bypassing limitations for excessive memory consumption. This is achieved by sending multiple CloseSession requests with the deleteSubscription paramet...

7.5CVSS7.6AI score0.00779EPSS
Exploits0References4
OSV
OSV
added 2022/08/09 7:15 a.m.7 views

PYSEC-2022-43180

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS7.1AI score0.01276EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/08/06 5:20 a.m.282 views

Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

7.5CVSS7.2AI score0.01483EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/08/04 3:24 p.m.16 views

USN-5546-1 openjdk-8, openjdk-lts, openjdk-17, openjdk-18 vulnerabilities

Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. CVE-2022-21449 It was discovered that OpenJDK incorrectly limited memo...

7.5CVSS6.9AI score0.48235EPSS
Exploits8References11
RustSec
RustSec
added 2022/08/01 12:0 p.m.60 views

Unbounded memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

7.5CVSS1.1AI score0.01483EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/12/09 10:5 a.m.8 views

SUSE-SU-2021:3977-1 Security update for xen

This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACEgranttable handling XSA-384 bsc1189632. - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly XSA-386 bsc1191363. - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD...

8.8CVSS8.1AI score0.0206EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2021/11/09 5:54 p.m.5 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

5.3CVSS7.2AI score0.03546EPSS
Exploits1References4
Rows per page
Query Builder