
184 matches found

SUSE CVE
added 2023/02/15 5:10 a.m. · 3 views

SUSE CVE-2015-8953

fs/overlayfs/copyup.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer...

5.5 CVSS · 6.4 AI score · 0.00543 EPSS
Exploits: 1 · References: 3
The Hacker News
added 2023/02/11 1:36 p.m. · 3 views

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool

After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a syste...

8.8 CVSS · 7 AI score · 0.45063 EPSS
Exploits: 7
CNNVD
added 2023/01/10 12:0 a.m. · 13 views

bzip2 Input Validation Error Vulnerability

bzip2 is an open source compression/decompression application. A security vulnerability exists in bzip2-rs, which stems from allowing an attacker to cause a denial of service via a large file, which triggers an integer overflow in mem.rs...

7.5 CVSS · 7.2 AI score · 0.01212 EPSS
Exploits: 1 · References: 6
Huntr
added 2022/08/28 12:41 a.m. · 22 views

DDOS attack by uploading a few hundred large files

Description: A normal user can upload a photo to the profile. Photos of more than 2 MB are not allowed, but I can upload a photo over the allowed limit. Proof of Concept: https://drive.google.com/file/d/1jh0n9kOoFvW-esHgpOtPeURTYjSIhDm/view?usp=sharing...

4 CVSS · 0.1 AI score · 0.00753 EPSS
Exploits: 1
Fedora
added 2022/07/30 1:57 a.m. · 19 views

[SECURITY] Fedora 36 Update: golang-github-kalafut-imohash-1.0.2-4.fc36

Fast hashing for large files...

7.4 AI score
Exploits: 0
Fedora
added 2022/07/20 1:40 a.m. · 36 views

[SECURITY] Fedora 35 Update: golang-github-kalafut-imohash-1.0.2-3.fc35

Fast hashing for large files...

9.3 CVSS · 8.2 AI score · 0.05292 EPSS
Exploits: 4
OSV
added 2022/07/14 6:15 p.m. · 14 views

CVE-2022-2406

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API...

6.5 CVSS · 6.6 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2022/07/14 12:0 a.m. · 6 views

PT-2022-16440 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.7.0 and earlier. Description: The legacy Slack import feature fails to properly limit the sizes of imported files, allowing an authenticated attacker to crash the server by importing large files via the Slack import REST...

6.5 CVSS · 6.3 AI score · 0.00753 EPSS
Exploits: 0 · References: 5
Fedora
added 2022/07/13 2:0 a.m. · 28 views

[SECURITY] Fedora 36 Update: golang-github-kalafut-imohash-1.0.2-3.fc36

Fast hashing for large files...

9.3 CVSS · 8.2 AI score · 0.05292 EPSS
Exploits: 4
Fedora
added 2022/07/13 2:0 a.m. · 31 views

[SECURITY] Fedora 36 Update: git-lfs-3.1.2-4.fc36

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

9.3 CVSS · 3.3 AI score · 0.05292 EPSS
Exploits: 4
GitLab Advisory Database
added 2022/06/21 12:0 a.m. · 32 views

DoS through large manifest files in Argo CD

Impact: All versions of Argo CD starting with v0.7.0 are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...

6.5 CVSS · 0.1 AI score · 0.0083 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Fedora
added 2022/06/20 12:40 a.m. · 33 views

[SECURITY] Fedora 36 Update: libtiff-4.4.0-1.fc36

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

6.1 CVSS · 2 AI score · 0.01664 EPSS
Exploits: 4
Positive Technologies
added 2022/06/15 12:0 a.m. · 1 view

PT-2022-3260 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 0.7.0 and later; Argo CD versions prior to 2.1.16; Argo CD versions prior to 2.2.10; Argo CD versions prior to 2.3.5; Argo CD versions prior to 2.4.1. Description: The issue is related to an uncontrolled memory consumption bug in...

6.8 CVSS · 6.9 AI score · 0.0083 EPSS
Exploits: 0 · References: 10
Github Security Blog
added 2022/05/17 1:16 a.m. · 32 views

Scrapy denial of service vulnerability

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...

7.8 CVSS · 5 AI score · 0.01907 EPSS
Exploits: 1 · References: 6 · Affected Software: 1
OSV
added 2022/05/17 1:16 a.m. · 7 views

GHSA-H7WM-PH43-C39P Scrapy denial of service vulnerability

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...

7.5 CVSS · 6.9 AI score · 0.01907 EPSS
Exploits: 1 · References: 6
OSV
added 2022/05/03 3:15 a.m. · 2 views

UBUNTU-CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5 CVSS · 6.9 AI score · 0.03403 EPSS
Exploits: 5 · References: 9
CNNVD
added 2022/04/19 12:0 a.m. · 5 views

Git Lfs Code Issue Vulnerability

Git Lfs is a command line tool from the Git Lfs team for working with large files in git projects. A code issue vulnerability exists in Git Lfs that allows an attacker to execute arbitrary code...

9.8 CVSS · 8.2 AI score · 0.02083 EPSS
Exploits: 0 · References: 4
CVE
added 2022/04/13 5:6 p.m. · 86 views

CVE-2022-1337

Mattermost’s image proxy component in version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, enabling an authenticated attacker to crash the server by accessing links to very large image files. The consolidated set of sources (CVE-2022-1337 entries across NVD, Red Hat,...

6.5 CVSS · 5.2 AI score · 0.00856 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
GitLab Advisory Database
added 2022/04/08 12:0 a.m. · 2 views

Unsafe parsing in SWHKD

SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file such as a block or character device...

5.3 CVSS · 6.1 AI score · 0.00822 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
CNNVD
added 2022/04/07 12:0 a.m. · 3 views

SWHKD Resource Management Error Vulnerability

SWHKD is a display protocol-independent hotkey daemon made in Rust. SWHKD has a security vulnerability that stems from insecure parsing and can be exploited by an attacker to cause a simple denial of service (memory exhaustion) when attempting to parse large or unlimited files such as blocks or...

5.3 CVSS · 5.6 AI score · 0.00822 EPSS
Exploits: 0 · References: 4