Rocky Linux 8 : tcpdump (RLSA-2020:4760)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4760 advisory. - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103) - tcpdump before 4.9.3 mishandles the printing of SMB data (issue...
CVE-2023-3341
CVE-2023-3341 describes a stack-exhaustion DoS in ISC BIND’s control channel; recursive parsing of control channel messages can overflow the stack, causing named to terminate. Affected are BIND/NAMED versions across multiple series (e.g., 9.2.0–9.16.43, 9.18.0–9.18.18, 9.19.0–9.19.16, plus S1 variant...
Debian dla-3572 : libyang-cpp-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3572 advisory. Debian LTS Advisory DLA-3572-1...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : re2c (SUSE-SU-2023:3353-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3353-1 advisory. - re2c before 2.0 has uncontrolled recursion that causes stack consumption in findfixedtags. CVE-2018-212...
Security Bulletin: GraphQL Java component is vulnerable to CVE-2023-28867 is used by IBM Maximo Application Suite
Summary: IBM Maximo Application Suite uses the GraphQL Java package, which is vulnerable to CVE-2023-28867. Vulnerability Details: CVEID: CVE-2023-28867. DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a...
SUSE-SU-2023:3353-1 Security update for re2c
This update for re2c fixes the following issues: - CVE-2018-21232: Fixed excess stack consumption due to uncontrolled recursion in findfixedtags (bsc#1170890)...
Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.8 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
graphql-java: crafted GraphQL query causes stack consumption
A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867)
Summary: There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2023-28867. DESCRIPTION: GraphQL Java is...
GHSA-4RHQ-VQ24-88GW Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Impact: Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service. Patches: The problem has been fixed in 1.2.0. Workarounds: No workaround is available. Users must upgrade...
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Impact: Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service. Patches: The problem has been fixed in 1.2.0. Workarounds: No workaround is available. Users must upgrade...
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...
SUSE: Security Advisory (SUSE-SU-2023:1740-3)
The remote host is missing an update for the...
SUSE SLES15 Security Update : yaml-cpp (SUSE-SU-2023:1740-3)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1740-3 advisory. - The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service...
Denial Of Services (DoS)
graphql-java is vulnerable to Denial Of Services (DoS). An attacker can send a maliciously crafted GraphQL query that causes excessive stack consumption, which can lead to an application crash...
CVE-2023-28867
A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service...
GraphQL Java vulnerable to stack consumption
In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...
GHSA-P4QX-6W5P-4RJ2 GraphQL Java vulnerable to stack consumption
In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...
CVE-2023-28867
In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...
Design/Logic Flaw
In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135...