The vulnerability of the Create_tmp_table::finalize component of the MariaDB database, which allows a hacker to trigger a service failure.

The vulnerability of the Createtmptable::finalize component in the MariaDB database lies in the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to trigger service failures through a specially crafted SQL query...

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

DEBIAN-CVE-2022-39377

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures function insufficiently checks bounds before arithmetic...

UBUNTU-CVE-2022-39377

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures function insufficiently checks bounds before arithmetic...

PT-2022-7425 · Sysstat +10 · Sysstat +10

Name of the Vulnerable Software and Affected Versions: sysstat versions 9.1.16 through 12.7.0 Description: The issue is related to the allocate structures function in sa common.c, which insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated f...

The vulnerability of the FortiTester software-based diagnostic and audit tools for computer networks, as well as the FortiAnalyzer tool for event monitoring and analysis, stems from the lack of protective measures taken for website structures. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the FortiTester software for diagnosing and auditing computer networks, as well as the FortiAnalyzer software for monitoring and analyzing security events, is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow...

The vulnerability of the Beaver Builder plugin of the WordPress content management system, related to the lack of protective measures for website structures, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Beaver Builder plugin of the WordPress content management system exists due to the lack of protection for website structures when images with the “Caption – On Hover” property are used. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...

[SECURITY] Fedora 36 Update: efl-1.26.3-1.fc36

EFL is a collection of libraries for handling many common tasks a developer may have such as data structures, communication, rendering, widgets and more...

[SECURITY] Fedora 37 Update: efl-1.26.3-1.fc37

EFL is a collection of libraries for handling many common tasks a developer may have such as data structures, communication, rendering, widgets and more...

Security Bulletin: Multiple Denial of Service vulnerabilities with Expat may affect IBM HTTP Server

Summary There are several vulnerabilities that may affect IBM HTTP Server that is used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending...

mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

Input validation

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...

Denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...

AZL-79086 CVE-2022-30635 affecting package golang 1.25.7-1

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

Design/Logic Flaw

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

UBUNTU-CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...