162 matches found
CVE-2024-57884
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim The task sometimes continues looping in throttledirectreclaim because allowdirectreclaimpgdat keeps returning false. 0 ffff80002cb6f8d0 switchto...
DEBIAN-CVE-2024-57884
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim The task sometimes continues looping in throttledirectreclaim because allowdirectreclaimpgdat keeps returning false. 0 ffff80002cb6f8d0 switchto...
UBUNTU-CVE-2024-57884
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim The task sometimes continues looping in throttledirectreclaim because allowdirectreclaimpgdat keeps returning false. 0 ffff80002cb6f8d0 switchto...
CVE-2024-57884
Technical details about CVE-2024-57884 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2024-57884 mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim The task sometimes continues looping in throttledirectreclaim because allowdirectreclaimpgdat keeps returning false. 0 ffff80002cb6f8d0 switchto...
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
Summary A Denial of Service DoS vulnerability in the authentication middleware allows any client to cause memory exhaustion by sending large request bodies. The server reads the entire request body into memory without size limits, creating multiple copies during processing, which can lead to Out ...
SUSE-SU-2024:2463-1 Security update for squashfs
This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools bsc935380 - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination bsc1189936 - CVE-2021-41072: Fixed an issu...
CVE-2020-36776 thermal/drivers/cpufreq_cooling: Fix slab OOB issue
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreqcooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpupowertofreq. If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index...
Unbreakable Enterprise kernel security update
4.14.35-2047.533.3 - net: rfkill: gpio: set GPIO direction Rouven Czerwinski - sched/fair: Fix tg-load when offlining a CPU Vincent Guittot Orabug: 36185208 - IB/cm: Cancel mad on the DREQ event when the state is MRAREPRCVD Mark Zhang Orabug: 36143229 - sched/rt: picknextrtentity: check listentry...
Amazon Web Services EC2 SSM enumeration
Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API nominally,...
kernel: blk-throttle: prevent overflow while calculating wait time
In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tgwithinbpslimit that 'bpslimit jiffyelapsedrnd' might overflow. Fix the problem by calling mulu64u64divu64 instead...
Governance can cap the outflow of funds significantly preventing user redemptions
Lines of code Vulnerability details Impact The Reserve protocol always intends to allows free outflow of rToken collaterals. The redemption of rToken is allowed even when the protocol is paused. A Throttle mechanism is in place to just limit the outflow of funds from the contract. However the...
Unsafe typecasting
Lines of code Vulnerability details Impact In the RToken.issueTo function unsafe typecasting of uint256 to int256 is performed while invoking the Throttle.useAvailable function. function issueToaddress recipient, uint256 amount public notPausedOrFrozen exchangeRateIsValidAfter requireamount 0,...
GSD-2022-1007220 blk-throttle: prevent overflow while calculating wait time
blk-throttle: prevent overflow while calculating wait time This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...
PT-2022-34981 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to the blk-throttle component, where an overflow can occur while calculating wait time. The actual impact and attack plausibility have not yet been proven. Recommendation...
PT-2022-35265 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the blk-throttle component, where an overflow can occur while calculating wait time. The actual impact and attack plausibility have not yet been proven...
Nextcloud: Brute force protections don't work
Summary: Most of the brute force protections don't actually throttle the response and so they are not logging negative attempts Search for functions with the @BruteForceProtection annotation and check that they call throttle on the response at least conditionally. Impact Brute force protection is...
Validate input variables bounds
83 comment Warden: throttle fee variables bounds are not checked. this can lead to expensive mistake --- The text was updated successfully, but these errors were encountered: All reactions...
CVE-2022-1428
An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being...
CVE-2022-24784
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...