510 matches found

Snyk
added 2025/03/20 12:32 p.m. | 5 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) through the runtool command, which exposes classes in the water.tools package via the ast parser. An attacker can shut down the server and write large files to arbitrary directories by exploiting the...

8.7 CVSS | 7.4 AI score | 0.00365 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2025/03/20 10:10 a.m. | 4 views

CVE-2024-11171 Improper Input Validation in danny-avila/librechat

In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory storage (the default setting for multer), there is no limit on the upload file size. This can lead to a...

7.5 CVSS | 7.3 AI score | 0.00345 EPSS
Exploits: 1 | References: 2

RedHat Linux
added 2025/03/05 8:59 p.m. | 3 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

5.5 CVSS | 7.3 AI score | 0.00467 EPSS
Exploits: 1 | References: 6

OSV
added 2025/02/13 8:34 p.m. | 9 views

RLSA-2025:0845 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs (CVE-2024-53263) For mo...

8.5 CVSS | 9.3 AI score | 0.00326 EPSS
Exploits: 0 | References: 2

OSV
added 2025/02/12 1:15 a.m. | 3 views

CVE-2024-53880

NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial ...

6.5 CVSS | 5.6 AI score
Exploits: 0 | References: 1

Cvelist
added 2025/02/10 10:2 p.m. | 16 views

CVE-2025-25193 Denial of Service attack on windows app using Netty

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file...

5.5 CVSS | 0.00096 EPSS
Exploits: 0 | References: 2

OSV
added 2025/02/10 10:2 p.m. | 20 views

CVE-2025-25193 Denial of Service attack on windows app using Netty

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file...

5.5 CVSS | 6.6 AI score | 0.00096 EPSS
Exploits: 0 | References: 5

Snyk
added 2025/02/10 6:14 p.m. | 2 views

Improper Validation of Specified Quantity in Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in BufferedReader.readLine, which does not count null bytes when calculating the acceptable size of an input stream. An attacker can cause the application to crash by creating a large...

6.8 CVSS | 6.8 AI score | 0.00467 EPSS
Exploits: 1 | References: 2

CNNVD
added 2025/02/10 12:0 a.m. | 3 views

Netty Resource Management Error Vulnerability

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used to develop Java web applications such as protocol servers and clients. A resource management error vulnerability exists in Netty 4.1.118.Final and earlier versions, which stems from a non-existen...

5.5 CVSS | 6.7 AI score | 0.00096 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2025/02/05 12:21 p.m. | 4 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

5.5 CVSS | 7.3 AI score | 0.00467 EPSS
Exploits: 1 | References: 6

Microsoft CVE
added 2025/02/01 8:0 a.m. | 2 views

Git LFS permits exfiltration of credentials via crafted HTTP URLs

...

8.5 CVSS | 7.2 AI score | 0.00326 EPSS
Exploits: 0

OSV
added 2025/01/31 10:2 a.m. | 8 views

RHSA-2025:0845 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.1 CVSS | 7.9 AI score | 0.00326 EPSS
Exploits: 0 | References: 10

RedHat Linux
added 2025/01/30 2:58 p.m. | 16 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.5 CVSS | 7.2 AI score | 0.00326 EPSS
Exploits: 0 | References: 2

OSV
added 2025/01/30 12:0 a.m. | 11 views

ALSA-2025:0845 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs (CVE-2024-53263) For mo...

8.5 CVSS | 8.9 AI score | 0.00326 EPSS
Exploits: 0 | References: 4

OSV
added 2025/01/29 10:4 a.m. | 11 views

RHSA-2025:0765 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.1 CVSS | 7.9 AI score | 0.00326 EPSS
Exploits: 0 | References: 10

OSV
added 2025/01/29 10:4 a.m. | 13 views

RHSA-2025:0759 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.1 CVSS | 7.9 AI score | 0.00326 EPSS
Exploits: 0 | References: 10

OSV
added 2025/01/29 10:4 a.m. | 15 views

RHSA-2025:0758 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.1 CVSS | 7.9 AI score | 0.00326 EPSS
Exploits: 0 | References: 10

RedHat Linux
added 2025/01/28 1:29 p.m. | 8 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

8.5 CVSS | 7.2 AI score | 0.00326 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2025/01/28 11:9 a.m. | 4 views

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

8.5 CVSS | 5.7 AI score | 0.00326 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/01/28 9:36 a.m. | 5 views

git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

8.5 CVSS | 5.7 AI score | 0.00326 EPSS
Exploits: 0 | References: 7