16 matches found
EUVD-2023-1111
Malicious code in bioql PyPI...
EUVD-2022-6504
Malicious code in bioql PyPI...
CVE-2023-27483
crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out-of-memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user-provided input without proper...
Linux Distros Unpatched Vulnerability : CVE-2022-35977
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT/SORT_RO commands can trigger an integer overflow...
CBL Mariner 2.0 Security Update: helm (CVE-2022-36055)
The version of helm installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-36055 advisory. - Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing,...
GHSA-VFVJ-3M3G-M532 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Summary Fuzz testing on crossplane/crossplane, by Ada Logics and sponsored by the CNCF, identified input to a function in the fieldpath package that can cause an out of memory panic. Applications that use the Paved type's SetValue method with user provided input without proper validation might us...
CVE-2023-27483
CVE-2023-27483 affects crossplane-runtime: the fieldpath package's Paved.SetValue can grow slices to very large sizes when given unvalidated input, causing an out-of-memory panic. The affected code path is the Paved.SetValue method, which writes values along a path without validation, with the index ca...
CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out-of-memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user-provided input without proper...
Fedora 37 : redis (2023-fbfe7a6cfe)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-fbfe7a6cfe advisory. Redis 7.0.8 Released Mon Jan 16 12:00:00 IDT 2023 Security Fixes: CVE-2022-35977 Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can...
CVE-2022-35977
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT/SORT_RO commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixe...
Denial Of Service (DoS)
github.com/helm/helm is vulnerable to denial of service (DoS) attacks. A remote authenticated attacker is able to cause an out-of-memory panic by supplying malicious string inputs to functions in the strvals package, resulting in denial of service conditions...
Helm Resource Management Error Vulnerability
Helm is a Kubernetes package manager. Helm versions 3.9.3 and earlier are affected by a resource management error: fuzz testing provided by the CNCF identified input to a function in the strvals package that can cause an out-of-memory panic. No detailed vulnerability details are...
CVE-2022-36055 Denial of service in Helm
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out-of-memory panic. The strvals package contains a parser that turns strings into Go...
GHSA-7HFP-QFW3-5JXH Helm Vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...
Denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...
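The crossplane-runtime (Paved.SetValue) and Helm (strvals) entries above describe the same bug class: a path segment such as "items[7]" names an array element, and a setter that writes to it must make the array at least eight elements long, so an unbounded caller-supplied index is also the allocation size. The following is an added example written for this page, not code from either project; the segment syntax, the growTo helper and the MaxIndex bound of 1024 are assumptions chosen for illustration, not the projects' own.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// Constructed example (not crossplane-runtime or Helm code). A document is a
// map from array name to a []interface{}; a segment "name[idx]" selects one
// element of that array.
var segmentRe = regexp.MustCompile(`^([A-Za-z_][A-Za-z0-9_]*)\[(\d+)\]$`)

// parseSegment splits "name[idx]" into name and numeric index.
func parseSegment(seg string) (string, uint64, error) {
	m := segmentRe.FindStringSubmatch(seg)
	if m == nil {
		return "", 0, fmt.Errorf("malformed segment %q", seg)
	}
	idx, err := strconv.ParseUint(m[2], 10, 64)
	if err != nil {
		return "", 0, fmt.Errorf("bad index in %q: %w", seg, err)
	}
	return m[1], idx, nil
}

// growTo returns arr extended (zero-filled) so that arr[idx] is addressable.
func growTo(arr []interface{}, idx uint64) []interface{} {
	if idx < uint64(len(arr)) {
		return arr
	}
	grown := make([]interface{}, idx+1) // allocation size chosen by the input
	copy(grown, arr)
	return grown
}

// SetValueUnchecked is the vulnerable shape: nothing bounds idx before growTo.
// "items[5000000000]" asks for five billion interface values (80 GB on a
// 64-bit platform). If the runtime cannot obtain that memory it aborts with
// "fatal error: runtime: out of memory", which no recover() can catch; a
// length beyond the address space instead panics recoverably ("len out of
// range"), which is why moderately huge indexes are the dangerous ones.
func SetValueUnchecked(doc map[string][]interface{}, seg string, v interface{}) error {
	name, idx, err := parseSegment(seg)
	if err != nil {
		return err
	}
	arr := growTo(doc[name], idx)
	arr[idx] = v
	doc[name] = arr
	return nil
}

// MaxIndex is an assumed limit for this example. Both projects' fixes added a
// bound of their own; the number here is not theirs.
const MaxIndex uint64 = 1024

var ErrIndexTooLarge = errors.New("array index exceeds MaxIndex")

// SetValueChecked is the hardened shape: validate the index before any
// allocation is sized from it, and leave the document untouched on rejection.
func SetValueChecked(doc map[string][]interface{}, seg string, v interface{}) error {
	name, idx, err := parseSegment(seg)
	if err != nil {
		return err
	}
	if idx > MaxIndex {
		return fmt.Errorf("%q: %w", seg, ErrIndexTooLarge)
	}
	arr := growTo(doc[name], idx)
	arr[idx] = v
	doc[name] = arr
	return nil
}

func main() {
	doc := map[string][]interface{}{}
	fmt.Println(SetValueChecked(doc, "items[2]", "x"), doc["items"])
	// Rejected before growTo runs, so no 80 GB make() is attempted.
	fmt.Println(SetValueChecked(doc, "items[5000000000]", "x"))
}
```

The bound belongs in the parser or setter itself, not in callers: any code path that feeds user input (Helm `--set` strings, Kubernetes resource field paths) into the setter inherits the limit, and a rejected index returns an error instead of aborting the process.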
SUSE-SU-2021:3292-1 Security update for go1.16
This update for go1.16 fixes the following issues: - Update to go 1.16.8 - CVE-2021-39293: Fixed an integer overflow in the archive/zip preallocation check that can cause an OOM panic. bas...
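The Redis entries (CVE-2022-35977, SETRANGE and SORT/SORT_RO) and the Go entry (CVE-2021-39293, the archive/zip preallocation check) share a different root cause from the index-growth bugs: a buffer size is computed from two numbers the client controls, and the check meant to bound it is done in arithmetic that can wrap, so an impossible size passes and the allocation either fails hard or exhausts memory. The following is an added example written for this page, not Redis, Go standard-library or crossplane code; MaxValueSize, MinRecordSize and the function names are assumptions for illustration and are not the values those projects use.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// MaxValueSize is an assumed cap for this example (Redis has its own
// proto-max-bulk-len setting; the value here is not Redis's).
const MaxValueSize int64 = 512 * 1024 * 1024

var ErrTooLarge = errors.New("requested size exceeds MaxValueSize")

// NeededSizeWrapping mirrors the SETRANGE-style bug: offset+length is formed
// first and compared afterwards. Go signed arithmetic wraps, so an offset near
// math.MaxInt64 turns the sum negative, the comparison passes, and the caller
// proceeds to size an allocation from a garbage value.
func NeededSizeWrapping(offset, length int64) (int64, error) {
	total := offset + length
	if total > MaxValueSize {
		return 0, ErrTooLarge
	}
	return total, nil
}

// NeededSizeSafe rejects negatives, then compares without forming the sum:
// once both operands are in [0, MaxValueSize], MaxValueSize-offset cannot wrap.
func NeededSizeSafe(offset, length int64) (int64, error) {
	if offset < 0 || length < 0 {
		return 0, errors.New("negative offset or length")
	}
	if offset > MaxValueSize || length > MaxValueSize-offset {
		return 0, ErrTooLarge
	}
	return offset + length, nil
}

// MinRecordSize is an assumed lower bound on one directory record, used by the
// preallocation check below; the archive format and its real sizes are not
// modelled here.
const MinRecordSize uint64 = 30

// CanPreallocateWrapping is the preallocation-check shape: a file header claims
// `records` entries, and we want to preallocate only if the bytes present could
// hold them. Subtracting before confirming directorySize <= fileSize lets the
// unsigned difference wrap to a huge number, approving any record count.
func CanPreallocateWrapping(fileSize, directorySize, records uint64) bool {
	return (fileSize-directorySize)/MinRecordSize >= records
}

// CanPreallocateSafe establishes that the subtraction is valid first.
func CanPreallocateSafe(fileSize, directorySize, records uint64) bool {
	if directorySize > fileSize {
		return false
	}
	return (fileSize-directorySize)/MinRecordSize >= records
}

// Allocate is where a wrapped size bites. A negative or address-space-sized
// length makes make() panic recoverably ("len out of range"); a length the
// address space holds but RAM does not ends the process with the unrecoverable
// "fatal error: runtime: out of memory".
func Allocate(n int64) []byte { return make([]byte, n) }

func main() {
	off, ln := int64(math.MaxInt64-5), int64(10)
	_, err := NeededSizeWrapping(off, ln)
	fmt.Println("wrapping check rejects:", err != nil) // false: sum wrapped negative
	_, err = NeededSizeSafe(off, ln)
	fmt.Println("safe check rejects:", err != nil) // true
	n, _ := NeededSizeSafe(100, 50)
	fmt.Println("in-range request allocates", len(Allocate(n)), "bytes")
	fmt.Println(CanPreallocateWrapping(100, 200, 1<<40), CanPreallocateSafe(100, 200, 1<<40)) // true false
}
```

The pattern to look for in review is any comparison of the form `a+b > max` or `(a-b)/c >= n` on client-controlled integers: rewrite it as `b > max-a` after range-checking `a`, and check `b <= a` before `a-b`, so that the bound is enforced on the operands rather than on a result that may already have wrapped.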