1907 matches found
OPENSUSE-SU-2023:0077-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2023-24580: Prevent DOS in file uploads. boo1208082 update to 1.11.15 CVE-2018-14574: Fixed Open redirect possibility in CommonMiddleware boo1102680 Fixed WKBWriter.write and writehex for empty polygons on GEOS 3.6.1+ Fixed a...
[SECURITY] Fedora 36 Update: libmemcached-awesome-1.1.4-1.fc36
libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.o rg...
Fedora: Security Advisory for libmemcached-awesome (FEDORA-2023-c9bbaadcbf)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Summary Fuzz testing on crossplane/crossplane, by Ada Logics and sponsored by the CNCF, identified input to a function in the fieldpath package that can cause an out of memory panic. Applications that use the Paved type's SetValue method with user provided input without proper validation might us...
[SECURITY] Fedora 38 Update: libmemcached-awesome-1.1.4-1.fc38
libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.o rg...
GHSA-V829-X6HH-CQFQ Crossplane-runtime contains Improper Input Validation via Compositions
Summary Fuzz testing, by Ada Logics and sponsored by the CNCF, identified a vulnerability in the fieldpath package from crossplane/crossplane-runtime that an already highly privileged Crossplane user able to create or update Compositions could leverage to cause an out of memory panic in Crossplan...
Crossplane-runtime contains Improper Input Validation via Compositions
Summary Fuzz testing, by Ada Logics and sponsored by the CNCF, identified a vulnerability in the fieldpath package from crossplane/crossplane-runtime that an already highly privileged Crossplane user able to create or update Compositions could leverage to cause an out of memory panic in Crossplan...
CVE-2023-27484
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
Code injection
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-27484
Summary : CVE-2023-27484 affects crossplane-runtime (Go libraries) used for building Kubernetes controllers in Crossplane stacks. A highly privileged user who can create or update Compositions can specify an arbitrarily high index in a patch’s ToFieldPath. If the index exceeds the current target ...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
K81223200: Oracle Java SE vulnerability CVE-2016-3425
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3425 Impact An authenticated attacker can input specially crafted XML th...
K76328112: BIG-IP TMM vulnerability CVE-2019-6683
Security Advisory Description BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions. CVE-2019-6683 Impact This vulnerability is present only on BIG-IP Virtual Edition VE systems with limited bandwidth licenses...
K15852: Linux kernel vulnerability CVE-2014-3122
Security Advisory Description Description The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires...
CVE-2023-25656
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
CVE-2023-25656
The CVE affects notation-go (notaryproject) prior to 1.0.0-rc.3, where signature verification may cause memory exhaustion leading to process death and availability impact. Root cause is excessive memory use during verification; a patch is available in v1.0.0-rc.3. Remediation: upgrade to v1.0.0-r...
OESA-2023-1098 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...