teerth04 / ticket


Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Allocation of Resources Without Limits or Throttling #1675

Open armorcodegithubpreprod[bot] opened 6 months ago

armorcodegithubpreprod[bot] commented 6 months ago

Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Allocation of Resources Without Limits or Throttling

Component Details

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active



Component Details

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active



Component Details

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active



Component Details

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active



Component Details

The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active



armorcodegithubpreprod[bot] commented 6 months ago

Findings [47833130|https://preprod.armorcode.ai/#/findings/257/1167/47833130], [47833054|https://preprod.armorcode.ai/#/findings/257/1167/47833054], [47833067|https://preprod.armorcode.ai/#/findings/257/1167/47833067], [47833069|https://preprod.armorcode.ai/#/findings/257/1167/47833069], [47833128|https://preprod.armorcode.ai/#/findings/257/1167/47833128] are Mitigated
by SYSTEM via ArmorCode Platform