1881 matches found

Tenable Nessus
added 2020/10/22 12:0 a.m. | 54 views

RHEL 8 : java-11-openjdk (RHSA-2020:4316)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4316 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

CVSS 5.8 | AI score 6.6 | EPSS 0.00234
Exploits 0 | References 18

Tenable Nessus
added 2020/10/22 12:0 a.m. | 32 views

RHEL 8 : java-11-openjdk (RHSA-2020:4305)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4305 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

CVSS 5.8 | AI score 6.6 | EPSS 0.00234
Exploits 0 | References 19

Prion
added 2020/10/16 5:15 a.m. | 16 views

Design/Logic Flaw

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...

CVSS 5 | AI score 7.6 | EPSS 0.00563
Exploits 0 | References 4 | Affected Software 1

OSV
added 2020/10/16 4:15 a.m. | 11 views

CVE-2020-27173

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source i.e., standard input. This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all...

CVSS 7.5 | AI score 6.8
Exploits 0 | References 2

NVD
added 2020/10/16 4:15 a.m. | 4 views

CVE-2020-27173

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source i.e., standard input. This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all...

CVSS 7.5 | EPSS 0.00334
Exploits 0 | References 2

Prion
added 2020/10/16 4:15 a.m. | 9 views

Design/Logic Flaw

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source i.e., standard input. This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all...

CVSS 5 | AI score 7.5 | EPSS 0.00334
Exploits 0 | References 2 | Affected Software 1

CVE
added 2020/10/16 4:6 a.m. | 61 views

CVE-2020-27174

CVE-2020-27174 affects Amazon Firecracker runtimes: before 0.21.3 and before 0.22.1 (0.22.x) the serial console buffer can grow without limit when data is sent to standard input, causing a memory leak in the microVM emulation thread that may consume host memory. Impact is memory growth (not a cor...

CVSS 7.5 | AI score 7.5 | EPSS 0.00563
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2020/10/16 3:58 a.m. | 12 views

CVE-2020-27173

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source i.e., standard input. This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all...

AI score 7.5 | EPSS 0.00334
Exploits 0 | References 2

CVE
added 2020/10/16 3:58 a.m. | 57 views

CVE-2020-27173

CVE-2020-27173 : In vm-superio prior to 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to stdin. Root cause is the absence of rate limiting, which can cause memory pressure on the host and affect other VMs on the same host. Affected version: vm-superio

CVSS 7.5 | AI score 7.4 | EPSS 0.00334
Exploits 0 | References 2 | Affected Software 1

RedhatCVE
added 2020/10/13 8:19 p.m. | 26 views

CVE-2019-1010083

A flaw was found in python-flask. Unexpected memory usage can occur through specially crafted encoded JSON data. The highest threat from this vulnerability is to system availability. Note, this may overlap CVE-2018-1000656...

CVSS 7.5 | AI score 1.9 | EPSS 0.00644
Exploits 1 | References 2

CVE
added 2020/10/07 6:7 p.m. | 192 views

CVE-2020-26164

The vulnerability CVE-2020-26164 affects kdeconnect-kde (KDE Connect) up to version 20.08.1/20.08.x, where a remote attacker on the local network can send crafted packets to trigger high CPU, memory, or network connection usage, leading to a Denial of Service. Multiple security advisories and Nes...

CVSS 5.5 | AI score 5.1 | EPSS 0.00099
Exploits 0 | References 18 | Affected Software 1

OpenVAS
added 2020/10/07 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-4564-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.6 | EPSS 0.00417
Exploits 0 | References 2

Ubuntu
added 2020/10/05 5:29 p.m. | 65 views

USN-4564-1: Apache Tika vulnerabilities

It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial of service crash. CVE-2020-1950, CVE-2020-1951...

CVSS 5.5 | AI score 7 | EPSS 0.00417
Exploits 0

Tenable Nessus
added 2020/10/05 12:0 a.m. | 37 views

Ubuntu 16.04 LTS : Apache Tika vulnerabilities (USN-4564-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4564-1 advisory. It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial ...

CVSS 5.5 | AI score 7 | EPSS 0.00417
Exploits 0 | References 3

RedHat Linux
added 2020/09/29 7:28 p.m. | 3 views

expat: large number of colons in input makes parser consume high amount of resources, leading to DoS

It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...

CVSS 7.8 | AI score 7.2 | EPSS 0.05584
Exploits 1 | References 5

Cent OS
added 2020/08/07 12:29 p.m. | 113 views

java security update

CentOS Errata and Security Advisory CESA-2020:2969 An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 8.3 | AI score 6.5 | EPSS 0.01018
Exploits 0 | References 7

Tenable Nessus
added 2020/08/07 12:0 a.m. | 36 views

RHEL 7 : java-11-openjdk (RHSA-2020:2969)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2969 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

CVSS 8.3 | AI score 6.6 | EPSS 0.01018
Exploits 0 | References 16

Tenable Nessus
added 2020/08/07 12:0 a.m. | 53 views

CentOS 7 : java-11-openjdk (RHSA-2020:2969)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2969 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u25...

CVSS 8.3 | AI score 6.4 | EPSS 0.01018
Exploits 0 | References 8

RedHat Linux
added 2020/07/28 3:54 p.m. | 1 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

CVSS 7.8 | AI score 7.2 | EPSS 0.13725
Exploits 0 | References 8

RedHat Linux
added 2020/07/22 12:40 p.m. | 88 views

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.3 | AI score 6.5 | EPSS 0.01018
Exploits 0 | References 8