112 matches found
CVE-2025-5024 Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer bei...
Sandbox Escape
CefSharp is vulnerable to Sandbox Escape. The vulnerability is due to improper handling of system resource handles in Mojo under certain unspecified conditions, allows a malicious file to exploit the flaw and escape the sandbox...
[SECURITY] [DLA 4117-1] atop security update
Debian LTS Advisory DLA-4117-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara April 06, 2025 https://wiki.debian.org/LTS Package : atop Version : 2.6.0-2+deb11u1 CVE ID : CVE-2025-31160 It was discovered that Atop, a monitor tool for system resources...
Intel System Security Report and System Resource Defense 竞争条件问题漏洞
Intel System Security Report and System Resource Defense is a security reporting and system resource defense firmware from Intel Corporation USA. Intel System Security Report and System Resource Defense suffers from a Competitive Condition Issue vulnerability that stems from the presence of a...
Intel System Security Report and System Resource Defense 竞争条件问题漏洞
Intel System Security Report and System Resources Defense is a security reporting and system resource defense firmware from Intel Corporation USA. Intel System Security Report and System Resource Defense suffers from a Competitive Condition Issue vulnerability that stems from the presence of a...
BIT-CASSANDRA-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...
CVE-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...
spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...
Denial of Service(DOS) in KnowledgeBaseWebReader
Target Target Description KnowledgeBaseWebReader class recursively calls getarticleurls method. If the attacker can control a url variable to contain the root URL, it can lead to infinite recursive calls involving the same root URL repeatedly. This would cause a Denial of Service DoS scenario,...
Denial Of Service (DoS)
The System.IO.Packaging library is vulnerable to Denial Of Service DoS. The vulnerability is due to the inadequate validation of untrusted inputs by the System.IO.Packaging library, allowing attackers to exploit complex operations and exhaust system resources...
spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...
GHSA-CX7F-G6MP-7HQM Path traversal vulnerability in functional web frameworks
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
UBUNTU-CVE-2024-38816
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
CVE-2024-42464
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9...
Unlimited number of NTS-KE connections can crash ntpd-rs server
Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number ...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat [CVE-2023-52425]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat, caused by improper system resource allocation CVE-2023-52425. libexpat is included as a Base OS package used by our Speech Services. This vulnerabilitiy has been addressed...
Security Bulletin: A security vulnerability has been disclosed in Expat, which is installed as part of IBM Tivoli Network Manager (CVE-2023-52425).
Summary A security vulnerability has been disclosed in the Expat library libexpat, which is installed as part of IBM Tivoli Network Manager. Information about this vulnerability has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerab...
BIT-NODE-2021-22883
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...
CVE-2024-25606
XXE vulnerability in Liferay Portal and Liferay DXP tracked as CVE-2024-25606 affects multiple versions (Liferay Portal 7.2.0–7.4.3.7; DXP 7.2/7.3/7.4 with specific updates). The underlying issue is in the Java2WsddTask._format method, allowing an attacker with permission to deploy widgets/portle...
CVE-2023-3486 PaperCut NG Unauthenticated File Upload
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected...