EUVD-2020-19476

Malware in sbrugna...

CVE-2020-26952

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox 83...

XML Entity Expansion (XEE)

org.apache.solr, solr-core is vulnerable to an XML Entity Expansion XEE. The vulnerability is due to XML resource consumption caused by the use of XML DOCTYPE and ENTITY declarations, which allows an attacker to trigger excessive memory usage during XML parsing, leading to out-of-memory errors...

GHSA-C74F-6MFW-MM4V Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

GHSA-488M-W9FP-5MM2 Infinispan circular object references causes out of memory errors

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

Infinispan circular object references causes out of memory errors

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

CVE-2023-5236

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

Debian dla-3341 : curl - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3341 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3341-1 [email protected] https://www.debian.org/lts/security/...

CURL-CVE-2023-23916 HTTP multi-header compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a...

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

Mageia: Security Advisory (MGASA-2013-0185)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

Memory corruption

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox 83...

CVE-2020-26952

Mozilla Firefox vulnerability (CVE-2020-26952) involves incorrect bookkeeping of inlined functions during JIT compilation, causing memory corruption and potentially exploitable crashes when handling out-of-memory conditions. Affected: Firefox versions earlier than 83. Root cause: mismanagement in...

CVE-2020-9489

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade ...

Pivotal Spring Framework DoS Attack with XML Input

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

GHSA-6V7W-535J-RQ5M Pivotal Spring Framework DoS Attack with XML Input

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

Moderate: Red Hat Security Advisory: openstack-cinder security update

An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Moderate: Red Hat Security Advisory: openstack-cinder security update

An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Moderate: Red Hat Security Advisory: openstack-cinder security update

Updated openstack-cinder packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...