EUVD-2026-33952
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...
EUVD-2023-1111
Malicious code in bioql PyPI...
EUVD-2022-6504
Malicious code in bioql PyPI...
CVE-2023-53232 mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...
CVE-2023-27483
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...
Linux Distros Unpatched Vulnerability : CVE-2022-35977
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT_RO commands can trigger an integer overflow...
USN-6038-1 golang-1.18 vulnerabilities
It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-1705 It was discovered that Go did not properly manage memory under certain...
CBL Mariner 2.0 Security Update: helm (CVE-2022-36055)
The version of helm installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-36055 advisory. - Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing,...
GHSA-VFVJ-3M3G-M532 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Summary: Fuzz testing on crossplane/crossplane, by Ada Logics and sponsored by the CNCF, identified input to a function in the fieldpath package that can cause an out of memory panic. Applications that use the Paved type's SetValue method with user provided input without proper validation might us...
CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...
CVE-2023-27483
CVE-2023-27483 affects crossplane-runtime: the fieldpath package's Paved.SetValue can grow slices to very large sizes when given unvalidated input, causing an out-of-memory panic. The affected code path is the Paved.SetValue method, which writes values along a path without validation, with the index ca...
Fedora 37 : redis (2023-fbfe7a6cfe)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-fbfe7a6cfe advisory. Redis 7.0.8 Released Mon Jan 16 12:00:00 IDT 2023 Security Fixes: CVE-2022-35977 Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can...
CVE-2022-35977
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT_RO commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixe...
PT-2023-1362
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 7.0.8; Redis versions prior to 6.2.9; Redis versions prior to 6.0.17. Description: The issue is related to an integer overflow when processing objects, which can be triggered by authenticated users issuing specially craft...
Denial Of Service (DoS)
github.com/helm/helm is vulnerable to denial of service (DoS) attacks. A remote authenticated attacker is able to cause an out of memory panic by supplying malicious string inputs to functions in the strvals package, resulting in denial of service conditions...
Helm Resource Management Error Vulnerability
Helm is a Kubernetes package manager. Helm versions 3.9.3 and earlier are vulnerable to a resource management error that stems from a fuzz test provided by the CNCF, which identified input to a function in the strvals package that could cause an out-of-memory panic. No detailed vulnerability details are...
CVE-2022-36055 Denial of service in Helm
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings into Go...
GHSA-7HFP-QFW3-5JXH Helm Vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...