1893 matches found
Ruby on Rails: DoS with crafted "Range" header
The vulnerability was discovered in the Active Storage component of Ruby on Rails. The vulnerability allowed an attacker to craft a "Range" header that could lead to a Denial of Service DoS attack. The attack was possible due to the lack of validation on overlapping ranges in the...
ROS-20231114-02
Vulnerability of XIChangeDeviceProperty Xi/xiproperty.c and RRChangeOutputProperty functions randr/rrrproperty.c of X Window System Xorg-server is related to the possibility of writing outside the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker to cau...
ROS-20231114-01
A vulnerability in the Blink Media component of the Google Chrome browser is related to memory usage after it has been after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the Blink Frames component of Goog...
golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service...
rubygem-actionpack: Denial of Service in Action Dispatch
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service...
RHEL 9 : libssh (RHSA-2023:6643)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6643 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...
Advisory ROSA-SA-2023-2287
Software: dnsmasq 2.79 OS: ROSA Virtualization 2.1 packageevrstring: dnsmasq-2.79-26.rv3.src.rpm CVE-ID: CVE-2022-0934 BDU-ID: 2022-03253 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DHCPv6 protocol implementation of the Dnsmasq DNS server is related to a memory usage error after memory is...
GHSA-HRFV-MQP8-Q5RW Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Werkzeug multipart data parser needs to find a boundary that may be between consecutive chunks. That's why parsing is based on looking for newline characters. Unfortunately, code looking for partial boundary in the buffer is written inefficiently, so if we upload a file that starts with CR or LF...
Advisory ROSA-SA-2023-2253
software: mariadb 10.5.20 OS: ROSA-CHROME packageevrstring: mariadb-10.5.20-1.src.rpm CVE-ID: CVE-2022-21595 BDU-ID: 2022-06420 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability exists in the C API component of the MySQL Server database management system due to insufficient input validation. Exploitati...
golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service...
CVE-2023-42319
Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...
PT-2023-28313 · Ethereum · Geth
Name of the Vulnerable Software and Affected Versions: Geth aka go-ethereum versions 1.13.4 and earlier Description: The issue allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query when --http --graphql is used. The vendor's position i...
Moderate: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Denial Of Service
JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0 being parsed incorrectly, which can results in an input string of modest size causing indefinite amounts of memory usage...
CVE-2023-5072
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used...
JSON-Java Security Vulnerabilities
JSON-Java is a program package from Sean Leary Individual Developer. A security vulnerability exists in JSON-Java 20230618 and earlier versions, which stems from an error in the parser that means that a moderately sized input string could result in unlimited memory usage...