14 matches found
Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3155 (ALAS-2026-3155)
The version of nerdctl installed on the remote host is prior to 2.2.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3155 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program ...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2024-45626 Apache James: denial of service through JMAP HTML to text conversion
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVE-2023-5954
A flaw was found in The HashiCorp Vault, which may be susceptible to a denial of service due to an unbounded consumption of memory when handling policy requests. This issue may allow an attacker to trigger policy checks by sending multiple inbound client requests that create a logger that is neve...
Denial Of Service (DoS)
github.com/sajari/docconv is vulnerable to denial of service. The vulnerability exists in multiple functions due to unbounded memory consumption which allows an attacker to cause an application crash...
SUSE: Security Advisory (SUSE-SU-2022:3669-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:3669-1 Security update for go1.19
This update for go1.19 fixes the following issues: Updated to version 1.19.2 bsc1200441: - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax bsc1204023. - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar bsc1204024. - CVE-2022-2880: Fixed ReverseProxy...
CVE-2022-33747
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M Physical-to-Machine mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation to replace a...
CVE-2022-33747
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M Physical-to-Machine mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation to replace a...
go -- multiple vulnerabilities
The Go project reports: archive/tar: unbounded memory consumption when reading headers Reader.Read did not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics...
CVE-2017-14495
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the...
EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2018-1285)
According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory...