Lucene search

143 matches found

SUSE CVE
added 2023/02/15 4:21 a.m. | 2 views

SUSE CVE-2018-20406

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

CVSS: 2.9 | AI score: 9 | EPSS: 0.05789
Exploits: 1 | References: 26
SUSE CVE
added 2023/02/15 3:48 a.m. | 3 views

SUSE CVE-2021-3700

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination...

CVSS: 3.9 | AI score: 6.8 | EPSS: 0.00309
Exploits: 0 | References: 3
OSV
added 2023/01/03 11:49 a.m. | 3 views

USN-5784-1 usbredir vulnerability

It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00309
Exploits: 0 | References: 2
Microsoft Secure
added 2022/12/19 5:0 p.m. | 30 views

Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report

We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...

AI score: 0.4
Exploits: 0
OSV
added 2022/11/23 7:15 a.m. | 3 views

CVE-2022-4045

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00597
Exploits: 0 | References: 1
Snyk
added 2022/10/19 6:23 a.m. | 4 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the FTS3 extension, due to 32-bit signed integer overflow. In order to exploit this vulnerability, the attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3...

CVSS: 4.1 | AI score: 7.6
Exploits: 0 | References: 2
OSV
added 2022/08/24 12:0 a.m. | 3 views

GHSA-MFPJ-3QHM-976M Uncontrolled Resource Consumption in asyncua and opcua

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01063
Exploits: 0 | References: 6
CNVD
added 2022/08/05 12:0 a.m. | 44 views

Apache Hadoop Parameter Injection Vulnerability

Apache Hadoop is an open source distributed system infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. Apache Hadoop has a security vulnerability that stems from its...

CVSS: 9.8 | AI score: 1.3 | EPSS: 0.03259
Exploits: 0 | References: 1
Snyk
added 2022/05/20 9:17 p.m. | 3 views

Uncontrolled Recursion

Overview: std/encoding/pem is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Stack overflow via a large amount of PEM data via the Decode function. An attacker can cause a stack overflow and...

CVSS: 8.7 | AI score: 8.8 | EPSS: 0.05335
Exploits: 1 | References: 3
Positive Technologies
added 2022/05/04 12:0 a.m. | 8 views

PT-2022-19322 · H3C · H3C Magic R100

Name of the Vulnerable Software and Affected Versions: H3C MagicR100 versions V100R005 and earlier. Description: The issue allows unauthorized access to the "/Ajax/ajaxget" interface. It can be exploited by sending a large amount of data through ajaxmsg to carry out a denial-of-service (DoS) attack....

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01131
Exploits: 1 | References: 3
ATTACKERKB
added 2022/04/20 10:15 a.m. | 7 views

CVE-2022-24675

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.05335
Exploits: 1 | References: 18
RedHat Linux
added 2021/11/09 6:33 p.m. | 3 views

openssl: integer overflow in CipherUpdate

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.50732
Exploits: 0 | References: 5
Code423n4
added 2021/10/06 12:0 a.m. | 9 views

ConcentratedLiquidityPoolHelper.getTickState reverts

Handle: cmichel. Vulnerability details: ConcentratedLiquidityPoolHelper.getTickState allocates only tickCount elements for the ticks array. But the while loop iterates over all ticks of the pool which can potentially become very large, much larger than any tickCount could iterate in a reasonable tim...

AI score: 6.9
Exploits: 0
Cvelist
added 2021/06/21 6:45 p.m. | 16 views

CVE-2021-21422 XSS Vulnerability in mongo-express

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.0157
Exploits: 1 | References: 3
OSV
added 2021/06/09 6:37 p.m. | 3 views

USN-4986-2 rpcbind vulnerability

USN-4986-1 fixed a vulnerability in rpcbind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.81921
Exploits: 4 | References: 2
OSV
added 2021/06/09 11:10 a.m. | 3 views

USN-4986-1 rpcbind vulnerability

It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.81921
Exploits: 4 | References: 2
CNNVD
added 2021/04/30 12:0 a.m. | 6 views

Open-Xchange OX App Suite Resource Management Error Vulnerability

Open-Xchange OX App Suite is an e-mail client software from the German company Open-Xchange. A security vulnerability exists in OX App Suite version 7.10.4 and prior versions that allows denial of service via a WKS server with slow response times or large data volumes...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.0157
Exploits: 1 | References: 4
OSV
added 2021/02/07 8:15 p.m. | 3 views

DEBIAN-CVE-2020-36242

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class...

CVSS: 9.1 | AI score: 7.1 | EPSS: 0.06718
Exploits: 1 | References: 1
PyPA
added 2021/02/07 8:15 p.m. | 7 views

PYSEC-2021-63

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class...

CVSS: 9.1 | AI score: 8.5 | EPSS: 0.06718
Exploits: 1 | References: 5 | Affected Software: 1
Veracode
added 2021/01/08 4:57 a.m. | 23 views

Denial Of Service (DoS)

engine.io is vulnerable to denial of service. An attacker is able to crash the server by sending malicious requests containing large amount of data...

CVSS: 7.5 | AI score: 3.4 | EPSS: 0.03327
Exploits: 1 | References: 3 | Affected Software: 1