11 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the UploadAllFiles process. An attacker can cause the daemon to crash by importing a truncated or malformed backup archive that triggers a nil-pointer dereference during tar file iteration. Remediation...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the daemon to crash by importing a crafted backup archive containing a null entry in the volumesnapshots array, which leads to a nil-pointer...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
PT-2026-36995
Name of the Vulnerable Software and Affected Versions lxc versions prior to 7.0.0 Description A logic flaw in the find line function of the lxc-user-nic setuid helper allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When scanning the NIC database to...
Allocation of Resources Without Limits or Throttling
Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...
Incorrect Authorization
Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization due to a business logic flaw ...
PT-2024-14253 · Airflow · Airflow
Name of the Vulnerable Software and Affected Versions: Airflow versions 5.2.0 through 6.x Airflow versions 2.3.0 through 2.6.0 Description: The Airflow worker serializes a Kubernetes configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption...
PT-2022-15277 · Parse-Url · Url-Parse
Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 7.0.0 Description: The issue is related to Server-Side Request Forgery SSRF in the parse-url repository. This allows for the exploitation of parse URL to read local files. Recommendations: For versions prior to...
Server-side Request Forgery (SSRF)
Overview github.com/thecodingmachine/gotenberg is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...