PT-2023-27504 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Recommendations: At th...
F5 BIG-IP Resource Management Error Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial of service vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause an increase in memory...
GHSA-GFVQ-MXW3-MFQ3 asyncua vulnerable to denial of service via infinite loop
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and, as a result, the server will enter into an infinite loop and consume excessive memory...
GHSA-X4HH-VJM7-G2JV Faktory Web Dashboard can lead to denial of service (DoS) via malicious user input
Summary: Faktory web dashboard can suffer from denial of service by a crafted malicious URL query param days. Details: The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string...
ROS-20230919-02
A vulnerability in the FilePickerShownCallback function in Mozilla Firefox, Firefox ESR and the Thunderbird e-mail client is related to memory usage after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...
PT-2023-27755 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 Discourse version 3.2.0.beta1 and earlier in the beta and tests-passed branches Description: Discourse is an open-source discussion platform. Importing a remote theme loads their assets into memory without...
HTTP headers eat all memory
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on the size or quantity of headers it would accept in a response, allowing a malicious server to stream an endless series of...
Advisory ROSA-SA-2023-2232
Software: firefox 102.14.0 OS: rosa-server79 package_evr_string: firefox-102.14.0-3.res7.x86_64.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text directio...
OESA-2023-1594 binutils security update
The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols...
OESA-2023-1595 binutils security update
The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols...
OESA-2023-1592 binutils security update
The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols...
SUSE-SU-2023:3563-1 Security update for icu73_2
This update for icu73_2 fixes the following issues: - Update to release 73.2. CLDR extends the support for “short” Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. ICU has a modified character conversion table, mapping some...
Medium: glibc
Issue Overview: A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force the system to utilize only half of the memory, making the system think the...
ROS-20230905-02
A vulnerability in the ksmbd module of Linux kernel operating systems is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using the...
SUSE CVE-2022-48064
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack...
Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to a memory usage flaw (CVE-2023-2828)
Summary: Domain Name System (DNS) uses ISC BIND. ISC BIND on IBM i is vulnerable to a denial of service attack due to memory usage exceeding the configured cache size limit as seen in the vulnerability details section. IBM i has addressed the vulnerability in ISC BIND with a fix as described in the...
UBUNTU-CVE-2022-48064
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack...
PT-2023-6126 · Gnu +6 · Gnu Binutils +6
Name of the Vulnerable Software and Affected Versions: GNU Binutils versions prior to 2.40 Description: The issue is related to excessive memory consumption via the load separate debug files function at dwarf2.c. An attacker could supply a crafted ELF file, potentially leading to a DNS attack. Th...
Advisory ROSA-SA-2023-2215
Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 package_evr_string: vim-8.0.1763-19.rv3.4.src.rpm CVE-ID: CVE-2022-0392 BDU-ID: 2022-00992 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getexmodeline function (ex_getln.c) of the vim text editor is related to writing beyond buffer boundaries in...
CVE-2023-34150
A flaw was found in TikaEncodingDetector in Apache Any23. This issue can cause an excessive memory usage problem...