160 matches found
rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that contain specific characters, which causes an increase in execution time when parsing strings into URI objects. This issue may result in a regular expression denial of service (ReDoS)...
CVE-2023-52884 Input: cyapa - add missing input core locking to suspend/resume functions
In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions Grab input-mutex during suspend/resume functions like it is done in other input drivers. This fixes the following warning during system suspend/resume cycl...
CVE-2021-46993 sched: Fix out-of-bound access in uclamp
In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp Util-clamp places tasks in different buckets based on their clamp values for performance reasons. However, the size of buckets is currently computed using a rounding division, which can le...
CVE-2023-5680
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...
CVE-2023-52112
Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally...
SUSE-SU-2023:4918-1 Security update for openssl-1_1-livepatches
This update for openssl-1_1-livepatches fixes the following issues: Security issue fixed: - CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (bsc#1217151). Other fixes: - Report livepatch number on OpenSSL version (jsc#709...
The vulnerability in the functions DH_check(), DH_check_ex(), or EVP_PKEY_param_check() in the OpenSSL library allows an attacker to cause a service failure.
The vulnerability in the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions in the OpenSSL library is related to inefficient computational complexity when checking excessively long DH keys or parameters. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
SUSE-SU-2023:2634-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534)...
CVE-2023-34161
Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation of this vulnerability may cause features to perform abnormally...
python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float(), decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...
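The entry above describes the mechanism (quadratic str-to-int conversion in non-power-of-two bases) but not the mitigation. CPython's fix is a digit-count limit on such conversions; the following is an added example, not CPython's code or the advisory's, that applies the same limit explicitly so its behaviour does not depend on the running interpreter, exempts the power-of-two bases the entry lists, and times the conversion to show the cost curve. The function names, the 4300 default and the sample inputs are assumptions made for this illustration.

```python
import sys
import time

# Added example; not code from CPython or from the advisory. CPython's own
# mitigation is a limit on the number of digits accepted when converting
# str<->int in non-power-of-two bases (default 4300 on patched releases,
# adjustable with sys.set_int_max_str_digits). safe_int() applies the same
# rule explicitly so attacker-controlled input cannot reach the O(n^2) path.
DEFAULT_MAX_DIGITS = 4300          # assumption: matches the patched CPython default
LINEAR_BASES = {2, 4, 8, 16, 32}   # power-of-two bases convert in linear time; exempt


def safe_int(text: str, base: int = 10, max_digits: int = DEFAULT_MAX_DIGITS) -> int:
    """Parse text as an int, refusing over-long strings in quadratic-time bases.

    Raises ValueError before int() runs. A patched interpreter may still enforce
    its own (possibly lower) limit inside int() and raise ValueError itself."""
    if base not in LINEAR_BASES:
        # Count only digits: whitespace, sign and '_' separators are legal to int().
        digits = text.strip().lstrip("+-").replace("_", "")
        if len(digits) > max_digits:
            raise ValueError(
                f"integer string has {len(digits)} digits, limit is {max_digits}"
            )
    return int(text, base)


def rejects(text: str, base: int = 10, max_digits: int = DEFAULT_MAX_DIGITS) -> bool:
    """True if safe_int() refuses the input with ValueError."""
    try:
        safe_int(text, base, max_digits)
    except ValueError:
        return True
    return False


def parse_seconds(n_digits: int, base: int = 10) -> float:
    """Time one raw int() conversion of an n_digits-long string.

    On affected releases base 10 grows quadratically with n_digits while base 16
    stays linear. (3.12+ uses a faster large-int algorithm, so the curve may be
    flatter there.) The interpreter's own limit is lifted only for the benchmark."""
    text = ("9" if base == 10 else "f") * n_digits
    old_limit = sys.get_int_max_str_digits() if hasattr(sys, "get_int_max_str_digits") else None
    if old_limit is not None:
        sys.set_int_max_str_digits(0)   # 0 disables the limit on patched releases
    try:
        start = time.perf_counter()
        int(text, base)
        return time.perf_counter() - start
    finally:
        if old_limit is not None:
            sys.set_int_max_str_digits(old_limit)


if __name__ == "__main__":
    for n in (10_000, 100_000):
        print(f"{n:>7} digits  base10: {parse_seconds(n):.4f}s  base16: {parse_seconds(n, 16):.4f}s")
    print("4000-digit decimal accepted:", not rejects("1" * 4000))
    print("5000-digit decimal rejected:", rejects("9" * 5000))
    print("100000-digit hex accepted:  ", not rejects("f" * 100_000, 16))
```

The check is cheap because counting digits is linear; the point is to reject before the quadratic work starts, which is why the length test runs before int() rather than wrapping it in a timeout.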
PT-2022-8059 · Unknown · Email-Existence
Name of the Vulnerable Software and Affected Versions: email-existence (affected versions not specified). Description: A vulnerability was found in email-existence, rated as problematic. It affects some unknown functionality of the file index.js. The manipulation leads to inefficient regular...
CVE-2022-3818
An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance...
CVE-2022-34439
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contains an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node...
CVE-2022-34439
Dell PowerScale OneFS (versions 8.2.0.x through 9.4.0.x) is affected by a vulnerability where resources are allocated without limits or throttling. This allows a remote unauthenticated attacker to cause denial of service and degraded performance on the affected node. The issue is tied to improper...
SUSE-SU-2022:3500-1 Security update for bind
This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code fo...
More data flow occupied by PVS server after NAS server failover
To improve NAS server high availability, NAS storage controllers are created as a failover group to provide fault tolerance for hardware issues and maintenance tasks. Sometimes, if one NAS storage controller needs to shut down for maintenance or is corrupted due to hardware failure, it will fail over to...
More data flow occupied by PVS server after copy/paste of an in-use vDisk on NAS storage
Since customers need to execute scheduled backup tasks and vDisk update tasks, an administrator may copy a vDisk that is in use for data streaming from the PVS server. Sometimes, data flow to NAS storage will increase even after the vDisk copy operation is finished. As a result, end users will experience pool...
Inefficient Regular Expression Complexity potentially leads to Denial of Service in
Description: Inefficient regular expression complexity of the lowercase and uppercase regexes could lead to a denial of service attack. With a crafted payload 'a' + 'a'.repeat(i) + 'A', a payload of only 32 characters could take 29443 ms of execution time when testing lowercase. The same issue happens with...
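The rubygem-uri and email-existence entries above name the same failure mode (ReDoS) without showing a pattern, and this entry gives only the payload. The following is an added example, not code from any of those projects: it pairs a constructed nested-quantifier "lowercase word" regex with an equivalent linear one, builds the advisory's 'a' + 'a'*i + 'A' payload (i=30 gives the 32-character case), and times both patterns so the exponential curve is visible. The regexes and function names are assumptions for this illustration; the affected projects' actual patterns are not on the page.

```python
import re
import time

# Added example; the regexes are constructed to reproduce the failure mode the
# entry describes and are NOT the affected project's patterns (not shown above).
# A "lowercase word" check written with a nested quantifier backtracks
# exponentially once the trailing 'A' makes the overall match fail: the engine
# tries every way of splitting the run of 'a's between the inner and outer
# loops before giving up. Each extra 'a' roughly doubles the work.
VULNERABLE_LOWERCASE = re.compile(r"^([a-z]+)+$")
VULNERABLE_UPPERCASE = re.compile(r"^([A-Z]+)+$")

# Same language, single quantifier: linear in the input length.
SAFE_LOWERCASE = re.compile(r"^[a-z]+$")
SAFE_UPPERCASE = re.compile(r"^[A-Z]+$")


def payload(i: int, case: str = "lower") -> str:
    """The advisory's payload 'a' + 'a'.repeat(i) + 'A', or its uppercase mirror."""
    if case == "lower":
        return "a" + "a" * i + "A"
    return "A" + "A" * i + "a"


def is_lowercase_vulnerable(s: str) -> bool:
    return VULNERABLE_LOWERCASE.match(s) is not None


def is_lowercase_safe(s: str) -> bool:
    return SAFE_LOWERCASE.match(s) is not None


def is_uppercase_vulnerable(s: str) -> bool:
    return VULNERABLE_UPPERCASE.match(s) is not None


def is_uppercase_safe(s: str) -> bool:
    return SAFE_UPPERCASE.match(s) is not None


def match_seconds(pattern: "re.Pattern", s: str) -> float:
    """Wall-clock time for one match attempt."""
    start = time.perf_counter()
    pattern.match(s)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Stop well short of i=30 (the 32-character payload) so the demo ends in
    # seconds; the doubling per step is already obvious by i=20.
    for i in (10, 14, 18, 20):
        s = payload(i)
        print(f"i={i:2d} len={len(s):2d}  vulnerable: {match_seconds(VULNERABLE_LOWERCASE, s):.4f}s"
              f"  safe: {match_seconds(SAFE_LOWERCASE, s):.6f}s")
    print("uppercase mirror, i=16:", f"{match_seconds(VULNERABLE_UPPERCASE, payload(16, 'upper')):.4f}s")
```

Both patterns accept exactly the same strings, which is the usual shape of a ReDoS fix: the vulnerability is in how the pattern is written, not in what it matches, so the rewrite can be verified by checking equivalence on accepted and rejected inputs before deploying it.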
GHSA-GJ94-V4P9-W672 Denial-of-service vulnerability processing large chat messages containing many newlines
Impact PocketMine-MP caps maximum chat message length at 512 Unicode characters, or about 2048 bytes. No more than 2 chat messages may be sent per tick. However, due to legacy reasons, incoming chat message blobs are split by \n, and each part is treated as a separate message, the length of each...
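The entry above explains the bypass but is cut off before the fix. The following is an added example, not PocketMine-MP's code, that models the behaviour as described (a 512-character cap, a two-messages-per-tick cap, and a legacy split on '\n') to show why one packet full of newlines defeats the per-tick cap, and one reasonable hardening that bounds the whole packet first and charges every split part to the budget. The class and function names are assumptions, and the hardened variant is an illustration rather than the project's actual patch.

```python
# Added example; not PocketMine-MP's code. Models the advisory's description of
# the legacy chat path and one way to close the gap. Constants are taken from
# the advisory text; names are assumptions for this illustration.
MAX_CHAT_LENGTH = 512        # characters, per the advisory
MAX_MESSAGES_PER_TICK = 2    # per the advisory


class TickBudget:
    """Counts chat messages accepted from one player in the current tick."""

    def __init__(self) -> None:
        self.used = 0

    def new_tick(self) -> None:
        self.used = 0


def handle_chat_vulnerable(budget: TickBudget, blob: str) -> list:
    """Legacy behaviour: the per-tick cap is charged once per packet, but the
    packet is then split on '\\n' and every part is processed as its own message,
    so a single packet with N newlines yields N+1 messages."""
    if budget.used >= MAX_MESSAGES_PER_TICK:
        return []
    budget.used += 1
    accepted = []
    for part in blob.split("\n"):
        if len(part) <= MAX_CHAT_LENGTH:     # length is checked per part, not per packet
            accepted.append(part)
    return accepted


def handle_chat_hardened(budget: TickBudget, blob: str) -> list:
    """Bound the whole packet first, then charge each part to the per-tick cap
    and drop blank parts, so one packet can never exceed the cap."""
    if len(blob) > MAX_CHAT_LENGTH:
        return []
    accepted = []
    for part in blob.split("\n"):            # legacy split kept for compatibility
        if not part.strip():
            continue
        if budget.used >= MAX_MESSAGES_PER_TICK:
            break                            # silently drop the remainder
        budget.used += 1
        accepted.append(part)
    return accepted


def accepted_in_one_tick(handler, packets: list) -> int:
    """Total messages a handler accepts from a sequence of packets in one tick."""
    budget = TickBudget()
    return sum(len(handler(budget, blob)) for blob in packets)


if __name__ == "__main__":
    flood = "\n" * 100_000                   # constructed attack packet
    print("vulnerable:", len(handle_chat_vulnerable(TickBudget(), flood)), "messages from one packet")
    print("hardened:  ", len(handle_chat_hardened(TickBudget(), flood)), "messages from one packet")
    print("hardened, three lines in one packet:",
          handle_chat_hardened(TickBudget(), "one\ntwo\nthree"))
```

The two checks that matter are ordering and accounting: validate the raw packet before any splitting, and make the rate limit count the units the server actually processes (parts), not the units the client sent (packets).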