1883 matches found
CVE-2022-33203
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
OPENSUSE-SU-2022:10075-1 Security update for python-jupyterlab
This update for python-jupyterlab fixes the following issues: Update to 2.2.10: Remove form tags' action attribute during sanitizing, to prevent an XSS (CVE-2021-32797, boo#1196663); Header ‘Content-Type’ should not be overwritten; Do not use token parameters in websocket urls; Properly handle errors in...
Allocation of Resources Without Limits or Throttling
Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of...
[SECURITY] Fedora 36 Update: tmux-top-0.1.1-3.fc36
Monitoring information for your tmux status line. tmux-top allows you to see your: load, memory usage, network information, I/O...
GO-2022-0503 Denial of service via malformed CAR data in github.com/ipld/go-car and go-car/v2
Decoding malformed CAR data can cause panics or excessive memory usage...
[SECURITY] Fedora 35 Update: tmux-top-0.1.1-2.fc35
Monitoring information for your tmux status line. tmux-top allows you to see your: load, memory usage, network information, I/O...
ROS-20220619-01
A vulnerability in the nft_expr_init function in net/netfilter/nf_tables_api.c of the Netfilter packet filtering software of the Linux kernel is related to the possibility of memory usage after the packet filtering software has been installed. Netfilter packet filtering software of the Linux kernel is...
STIG V-218773 - Recycling IIS App Pools on Storefront Servers
Address STIG V-218773 compatibility with Citrix Storefront vis-à-vis the virtual memory an application pool uses...
artemis-commons: Apache ActiveMQ Artemis DoS
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory...
Denial Of Service (DoS)
github.com/ipld/go-car is vulnerable to denial of service. The vulnerability exists in LdRead function in util.go because the decoding of CAR data is not properly handled which leads to an excessive memory usage causing an application crash...
GHSA-9X4H-8WGM-8XFG Malformed CAR panics and excessive memory usage
Impact Versions impacted = [email protected] = [email protected] Description of user-facing changes...
USN-5497-2 libjpeg6b vulnerabilities
USN-5497-1 fixed vulnerabilities in Libjpeg6b. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this...
Argo buffer error vulnerability
Argo is an open source container native workflow engine. A buffer error vulnerability in Kubernetes Argo Events prior to version 1.7.1, which stems from ioutil.ReadAll reading all data into memory, can be exploited by an attacker to send a large number of requests to the Argo Events server,...
ALPINE-CVE-2022-30522
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort...
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
A flaw was found in Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...
The vulnerability in the implementation of the OPENSSL_LH_flush() function in the OpenSSL library allows an attacker to cause a service failure.
The vulnerability of the OPENSSL_LH_flush function implementation in the OpenSSL library is related to the repeated use of memory during the flushing of the hash table when decoding certificates or keys. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Nginx Plus R1 < R15-P2 / R16 < R16-P1 Multiple Vulnerabilities
According to its self-reported version, the installed version of Nginx Plus is R1 built on Open Source version 1.5.3-1 prior to R15-P2 or R16 built on Open Source version 1.15.2 prior to R16-P1. It is, therefore, affected by the following issues: - An unspecified error exists related to the...
PT-2022-19492 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.7; Nextcloud Server versions prior to 23.0.4. Description: The issue is related to missing input-size validation of new session names in Nextcloud Server, allowing users to create app passwords with long...
Denial of Service (DoS)
Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...