1883 matches found
sos bug fix and enhancement update
The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. Bug Fixes and Enhancements: sos collect fails to get node list from a pacemaker cluster BZ2071695 Tracke...
ALBA-2022:4744 sos bug fix and enhancement update
The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. Bug Fixes and Enhancements: sos collect fails to get node list from a pacemaker cluster BZ2071695 Tracke...
sos bug fix and enhancement update
An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The sos package contains a set of utilities that gather information from system...
Pion/DTLS contains buffer for inbound DTLS fragments with no limit
Impact: A buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An attacker could exploit this to cause excessive memory usage. Patches: Upgrade to Pion DTLS v2.1.4. Workarounds...
Memory usage graphs accessible to anyone with Overall/Read
Jenkins includes a feature that shows a JVM memory usage chart for the Jenkins controller. Access to the chart in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier requires no permissions beyond the general Overall/Read, allowing users who are not administrators to view JVM memory usage data...
GHSA-R78Q-QGX6-64PP Memory usage graphs accessible to anyone with Overall/Read
Jenkins includes a feature that shows a JVM memory usage chart for the Jenkins controller. Access to the chart in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier requires no permissions beyond the general Overall/Read, allowing users who are not administrators to view JVM memory usage data...
ROS-20220524-02
A vulnerability in the lightweight DNS, DHCP, and TFTP server Dnsmasq is related to a use-after-free memory error when processing DHCPv6 requests. Exploitation of the vulnerability could allow a remote attacker to send specially crafted DHCPv6 packets to a vulnerable application,...
Buffer Overflow
github.com/pion/dtls is vulnerable to buffer overflow. The vulnerability exists in fragmentbuffer.go because no upper limit is defined for the fragmentBuffer of network traffic, which allows an attacker to cause excessive memory usage that then leads to an application crash...
CVE-2022-29189
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An attacker could explo...
CVE-2022-29189 Buffer for inbound DTLS fragments has no limit
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An attacker could explo...
CVE-2022-29189
The CVE concerns Pion DTLS (Go DTLS) prior to version 2.1.4, where an inbound-buffer for handshake data had no upper limit, allowing an attacker to cause unbounded memory growth and potential denial of service during the handshake. Concrete evidence in connected sources shows the issue is fixed i...
PT-2022-19441
Name of the Vulnerable Software and Affected Versions: Pion DTLS versions prior to 2.1.4 Description: The issue concerns a buffer used for inbound network traffic that had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An...
Denial of Service on embed2 servlet
Description: The application stores a 5MB file in a hashmap variable using user input as a key. With a large number of requests, it is possible to increase the memory usage of the application and deny access to the embed2.js stencils resource. Proof of Concept: import requests...
UBUNTU-CVE-2022-28656
isclosingsession allows users to consume RAM in the Apport process...
PT-2022-19146 · Canonical +1 · Apport +2
Name of the Vulnerable Software and Affected Versions: Apport affected versions not specified Description: The issue allows users to consume RAM in the Apport process through the is closing session function. Recommendations: At the moment, there is no information about a newer version that contai...
CVE-2022-25169 Apache Tika BPGParser Memory Usage DoS
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files...
Apache Tika Resource Management Error Vulnerability
Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI, an open source library that uses Java programs to provide read and write functionality for Microsoft Office format documents, Pdfbox, a pure Java class library for reading and creating PDF...
PT-2022-17108 · Apache +1 · Apache Tika +1
Name of the Vulnerable Software and Affected Versions: Apache Tika versions prior to 1.28.2 Apache Tika versions prior to 2.4.0 Description: The issue concerns the BPG parser in Apache Tika, which may allocate an excessive amount of memory when processing carefully crafted files. Recommendations:...