### Impact

An attacker is able to allocate arbitrarily many bytes in the Bitswap server by sending many `WANT_BLOCK` and/or `WANT_HAVE` requests which are queued in an unbounded queue, with allocations t ...
May 11, 2023
### Impact

Systems that run `distribution` built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious `/v2/_catalog` API endpoint ...
May 11, 2023
This package has been moved to [`github.com/ipfs/boxo/bitswap`](https://pkg.go.dev/github.com/ipfs/boxo/bitswap); this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/ ...
May 11, 2023
### Impact

The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory speci ...
May 11, 2023
## Releases

* Ubuntu 23.04
* Ubuntu 22.10
* Ubuntu 22.04 LTS
* Ubuntu 20.04 LTS

## Packages

* cinder - OpenStack storage service

Jan Wasilewski and Gorka Eguileor discovered that Cinder inco ...
May 11, 2023
## Releases

* Ubuntu 23.04
* Ubuntu 22.10
* Ubuntu 22.04 LTS
* Ubuntu 20.04 LTS

## Packages

* nova - OpenStack Compute cloud infrastructure

Jan Wasilewski and Gorka Eguileor discovered that ...
May 11, 2023
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform prior to v2.0.0 allows attackers to read arbitrary files on the server via the path parameter.
May 11, 2023