34 matches found
EUVD-2024-17652
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-23836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an...
CVE-2024-56332
A flaw was found in Next.js package. A denial of service DoS attack allows attackers to construct requests that leave requests to Server Actions hanging until the hosting provider cancels the function execution. The Next.js server is idle during that time and only keeps the connection open. The C...
AZL-35877 CVE-2024-28180 affecting package containerd for versions less than 1.7.13-6
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
PT-2024-2050
Name of the Vulnerable Software and Affected Versions go-jose versions prior to 2.6.3 go-jose versions prior to 3.0.3 go-jose versions prior to 4.0.1 Description The issue is related to the incorrect handling of highly compressed input data in the go-jose package, which implements the Javascript...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when reading a maliciously crafted X.509 certificate. Note: This issue only affects Linux systems. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its...
Design/Logic Flaw
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
AZL-40841 CVE-2022-3064 affecting package packer for versions less than 1.9.5-1
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
CVE-2022-36773
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571...
dotnet: malicious content causes high CPU and memory usage
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that man...
envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names
An uncontrolled resource consumption vulnerability was found in Envoy. This flaw allows an attacker to craft many HTTP requests with long field names or URLs to cause the proxy to consume excessive amounts of memory, potentially resulting in a denial of service. The highest threat from this...
F5 Networks BIG-IP : BIG-IP TMM vulnerability (K76328112)
BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions. CVE-2019-6683 Impact This vulnerability is present only on BIG-IP Virtual Edition VE systems with limited bandwidth licenses. BIG-IP VE products with...
CVE-2016-1970
Integer underflow in the srtpunprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...
From the flowers began to scold kill free-vulnerability warning-the black bar safety net
The topic you read that right, and indeed from the flower began to scoldfree kill. Why you want to scold it, in fact because of recent school bored, so using a mobile phone on the QQ scurry. Not is I which nerve dislocation, is looking for a to teachfree killchat updon't ask me how I make him tal...