1883 matches found
Jetty HTTP Server Denial of Service vulnerability
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause a denial of service (memory usage and application crash) via HTTP requests with a large Content-Length...
PT-2022-18975 · Owasp +2 · Owasp Antisamy +4
Name of the Vulnerable Software and Affected Versions: HtmlUnit-Neko versions 2.26 and earlier; CyberNeko HTML versions 1.9.22 and earlier; OWASP AntiSamy versions 1.6.6 and earlier. Description: Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input...
SUSE-SU-2022:1271-1 Security update for netty
This update for netty fixes the following issues: - Updated to version 4.1.75: - CVE-2021-37136: Fixed an unrestricted decompressed data size in Bzip2Decoder (bsc#1190610). - CVE-2021-37137: Fixed an unrestricted chunk length in SnappyFrameDecoder, which might lead to excessive memory usage...
Virtuozzo Hybrid Server 7.5 Update 3 Hotfix 1 (7.5.3-396)
Hotfix 1 for Virtuozzo Hybrid Server 7.5 Update 3 provides stability and usability bug fixes. Vulnerability id: PSBM-139281. Optimized cache and memory usage while creating backups. Vulnerability id: PSBM-139170. The container backup process could hang when working with NFS backup storage...
ROS-20220407-02
Vulnerability in the Vim text editor, related to a use-after-free error in the function utf_ptr2char in regexp_bt.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into opening a specially crafted file, trigger the use-after-free, and execute arbitrar...
OPENSUSE-SU-2022:0098-1 Security update for nextcloud
This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User Status API (boo#1196905) - CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not obeyed for subfolders (boo#1196908) - CVE-2021-41741...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2022:0098-1 Rating: moderate References: 1196905 1196908 1196952 Cross-References: CVE-2021-41239 CVE-2021-41241 CVE-2021-41741 CVSS scores: CVE-2021-41239 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N...
ESXi 5.5 < Build 5230635 Multiple Vulnerabilities (VMSA-2017-0006) (remote check) (PCI-DSS check)
The version of the remote VMware ESXi 5.5 host is prior to build 5230635. It is, therefore, affected by multiple vulnerabilities: - VMware ESXi 5.5 without patch ESXi550-201703401-SG has a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. CVE-2017-4902 - VMwa...
OPENSUSE-SU-2022:0089-1 Security update for nextcloud
This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User Status API (boo#1196905) - CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not obeyed for subfolders (boo#1196908) - CVE-2021-41741...
ROS-20220322-01
Vulnerability in the Mozilla Thunderbird email client, related to a use-after-free error when processing HTML content. Exploitation of the vulnerability could allow an attacker, acting remotely, to trigger the use-after-free by forcing text to be recomposed in an SVG object and executi...
ROS-20220315-01
A vulnerability in the libxml2 XML document parsing library is related to a use-after-free error when processing ID and IDREF attributes in the valid.c file. Exploitation of the vulnerability could allow an attacker actin...
ROS-20220314-01
Vulnerability in the Mozilla Firefox browser, related to a logic error in iframe processing. Exploitation of the vulnerability could allow an attacker acting remotely, who has the ability to control the contents of an iframe sandboxed with allow-popups but not allow-scripts, could...
CVE-2022-24741 High memory usage in Nextcloud server
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded...
PT-2022-16844 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 21.0.8 Nextcloud Server versions prior to 22.2.4 Nextcloud Server versions prior to 23.0.1 Description: The issue affects Nextcloud server, an open source, self-hosted cloud style services platform. An...
ROS-20220309-02
The vulnerability in the XSLT parameter of Mozilla Firefox and Focus browsers is related to a use-after-free error. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the WebGPU 3D graphics processing and computing softwa...
CVE-2021-4002
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data...
Google Golang Input Validation Error Vulnerability
Google Golang is a statically strongly typed, compiled language from Google, Inc. A memory consumption overflow vulnerability exists in Google Golang, which stems from a design or implementation impropriety in the code development process of a web-based system or product. An attacker could exploi...
GHSA-PR38-QPXM-G88X Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory...
PT-2022-16331 · Apache · Apache Activemq Artemis
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions prior to 2.20.0 Apache ActiveMQ Artemis versions prior to 2.19.1 Description: The issue allows an attacker to partially disrupt availability through uncontrolled resource consumption of memory, leading to a...
ROS-20220125-17
A vulnerability in the QEMU hardware emulator is related to an off-by-one error when emulating a SCSI device in QEMU. Exploitation of the vulnerability could allow an attacker acting remotely to cause QEMU to crash. The QEMU hardware emulator vulnerability is related to a memory usage error after ...