97 matches found
Fedora 40 : doctl (2023-72ab10f1de)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-72ab10f1de advisory. Automatic update for doctl-1.101.0-2.fc40. Changelog Sat Dec 9 2023 Mikel Olasagasti Uranga - Update to 1.101.0 - Closes rhbz2253730 rhbz2248265 Tenable has...
CVE-2024-25116
RedisBloom adds probabilistic data structures to Redis. In versions prior to 2.4.7 and 2.6.10, authenticated users can issue CF.RESERVE to trigger a runtime assertion that terminates the Redis server process. The issue is fixed in RedisBloom 2.4.7 and 2.6.10. Exposure: LOCAL access with low privi...
OpenFGA denial of service
Overview OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an "out of memory" error and terminate...
Denial Of Service
librttopo.so is vulnerable to Denial Of Service. The vulnerability is due to mishandling of empty geometries. The remote attackers can perform a DoS via a crafted STAsX3D input which leads to server termination...
AZL-31857 CVE-2023-39325 affecting package kured for versions less than 1.9.1-14
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
GHSA-9HXF-PPJV-W6RQ gRPC connection termination issue
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
CVE-2023-25930
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862...
The vulnerability of the Redis database management system, related to the lack of measures for cleaning incoming data, allows a attacker to send a specially crafted MSETNX command, causing a service failure and terminating the Redis server process.
The vulnerability of the Redis database management system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to send a specially crafted MSETNX command, causing a service failure and terminating the Redis server process...
Fedora 37 : redis (2023-86068d1187)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-86068d1187 advisory. Redis 7.0.10 Released Mon Mar 20 16:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-28425...
CVE-2023-28425 Specially crafted MSETNX command can lead to denial-of-service
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
DEBIAN-CVE-2023-25155
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...
UBUNTU-CVE-2023-25155
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...
SUSE CVE-2023-25155
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...
Redis Labs Redis 输入验证错误漏洞
Redis Labs Redis is Redis Labs, Inc. is a set of open source written in ANSI C, network-enabled, memory-based can also be persistent log-type, key-value Key-Value storage database, and provides a variety of languages API. A security vulnerability exists in Redis. This vulnerability can be exploit...
named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
...
Debian DLA-2857-1 : postgis - LTS security update
"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2857 advisory. - PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted STAsX3D function input, as demonstrated by an abnorma...
bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
Incremental zone transfers IXFR provide a way of transferring changed portions of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in...
ISC BIND 处理逻辑错误漏洞
ISC BIND is a suite of open source software from ISC that implements the DNS protocol. A Processing Logic Error vulnerability exists in ISC BIND, which originates when named attempts to respond via UDP with a response larger than the currently valid interface's Maximum Transmission Unit MTU and...
IBM DB2 命令注入漏洞
IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 for Linux, UNIX, and Windows including Db2 Connect Server, which stems...
The vulnerability of the RouterOS operating system in MikroTik routers, related to the emergency termination of the HTTP server, allows a hacker to restart the system and cause a service failure.
The vulnerability of the RouterOS operating system for MikroTik relates to the abnormal termination of the HTTP server. Exploiting this vulnerability allows a malicious actor to remotely restart the system and cause a service failure by sending a specially crafted HTTP request...