49 matches found
Medium: python-pillow
Issue Overview: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw...
GLSA-202312-06 : Exiv2: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-06 Exiv2: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from...
The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS operating system in devices of the EX4300-MP, EX4600, and QFX5000 series allows a hacker to cause a service failure.
The vulnerability of the Packet Forwarding Engine PFE module in Juniper Networks’ Junos OS on EX4300-MP, EX4600, and QFX5000 devices is related to uncontrolled memory allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
SUSE CVE-2018-5783
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function base/PdfVecObjects.h. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file...
SUSE CVE-2018-6869
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the zzipparserootdirectory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...
CVE-2022-4741
A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is...
docconv 安全漏洞
docconv is Search.io open source a library . PDF, DOC, DOCX, XML, HTML, RTF , etc. will be converted to plain text . docconv 1.2.0 and previous versions of a security vulnerability , the vulnerability stems from its ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText function of the operatio...
Juniper Junos OS Vulnerability (JSA69876)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69876 advisory. - In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Jun...
CVE-2022-22188
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine PFE of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service DoS. The device must be configur...
CVE-2022-22188
The CVE-2022-22188 entry concerns a heap-based buffer overflow in Juniper Networks Junos OS PFE (packet forwarding engine). A network-based, unauthenticated attacker can flood the target device with traffic, causing a Denial of Service, with impact dependent on device configuration. Affected plat...
CVE-2022-22188
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine PFE of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service DoS. The device must be configur...
CVE-2021-34869
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2021-34868
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2021-34869
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2021-34868
Parallels Desktop 16.1.3-49160 contains a local privilege-escalation flaw in the Toolgate component. The issue stems from improper validation of user-supplied data, causing uncontrolled memory allocation, and enabling an attacker with low-privilege, local code execution on the guest to escalate p...
CVE-2020-18899
An uncontrolled memory allocation in DataBufdatasubBox.length-sizeofbox function of Exiv2 0.27 allows attackers to cause a denial of service DOS via a crafted input...
PYSEC-2021-879
An uncontrolled memory allocation in DataBufdatasubBox.length-sizeofbox function of Exiv2 0.27 allows attackers to cause a denial of service DOS via a crafted input...
CVE-2020-18899
An uncontrolled memory allocation in DataBufdatasubBox.length-sizeofbox function of Exiv2 0.27 allows attackers to cause a denial of service DOS via a crafted input...
(Pwn2Own) Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate...
The vulnerability of the Cisco AnyConnect Secure Mobility Client’s cryptographic protection mechanism, related to uncontrolled memory allocation, allows a perpetrator to cause a service failure.
The vulnerability of the Cisco AnyConnect Secure Mobility Client encryption method is related to uncontrolled memory allocation. Exploiting this vulnerability could allow a hacker to cause a service failure...