Important: nginx:1.18 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017). For more details about the...
ALSA-2021:2259 Important: nginx:1.18 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017). For more details about the...
MGASA-2021-0222 Updated wireshark packages fix a security vulnerability
The MS-WSP dissector could consume excessive amounts of memory (CVE-2021-22207)...
Squid resource management error vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. Squid is vulnerable to a resource management error. A remote attacker can trick a user behind a proxy server into...
GHSA-3H29-52VH-PQGR Uncontrolled Resource Consumption in Apache Tika
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23...
Uncontrolled Resource Consumption in Apache Tika
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23...
CVE-2021-28665
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service...
[SECURITY] Fedora 32 Update: nginx-1.20.0-2.fc32
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 33 Update: nginx-1.20.0-2.fc33
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
Denial Of Service (DoS)
binutils is vulnerable to denial of service. A flaw in the BFD library allows an attacker who submits a malicious file to an application that is linked with BFD and uses the DWARF functionality to cause an application crash through excessive memory usage...
Nextcloud: index.php/apps/files_sharing/shareinfo endpoint is not properly protected
When federated shares between two Nextclouds are created they do not use standard webdav to communicate. But to obtain the filelist they seem to use the SERVER/index.php/apps/files_sharing/shareinfo endpoint. Unlike the other endpoint for tokens like public link shares. There is no brute force...
CVE-2021-0257
On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memo...
CVE-2021-0257
CVE-2021-0257 affects Juniper Junos OS on MX Series and EX9200 Series with Trio-based MPCs where IRB interfaces are mapped to a VPLS or Bridge-Domain. The issue is a memory leak in the MPC that can lead to an out-of-memory condition and an MPC restart, causing temporary traffic interruptions. Aff...
Matrix Sydent input validation error vulnerability
Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix Foundation in the UK. Matrix Sydent suffers from an input validation error vulnerability that stems from the lack of input validation for certain parameters, which may lead to overuse of disk space a...
PT-2021-3310 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on MX Series, EX9200 Series versions prior to 17.3R3-S10; Juniper Networks Junos OS on MX Series, EX9200 Series versions prior to 17.4R3-S3; Juniper Networks Junos OS on MX Series, EX9200 Series versions prior to...
DEBIAN-CVE-2021-21394
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135).
Summary: Db2 is vulnerable to a denial of service. Db2 could allow an attacker to send specially crafted packets to the Db2 server to cause excessive memory usage and cause Db2 to terminate abnormally. Vulnerability Details: CVEID: CVE-2020-4135. DESCRIPTION: IBM DB2 for Linux, UNIX and Windows...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
CVE-2021-22883
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...