14 matches found
GHSA-P543-XPFM-54CP Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Summary: Rack::Multipart::Parser buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM)...
ROS-20220225-01
Expat parsing library vulnerability related to an integer overflow in copyString. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause an integer overflow, and cause a denial of service condition on the target system. data, trigg...
ROS-2-1700
2.1700 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-2-853
2.853 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-2-2222
2.2222 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2019-08533)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in versions of Mozilla Firefox prior to 66, which stems from the program's failure to perform sufficient boundary detection on data. An attacker could...
Red Hat SPICE Denial of Service Vulnerability
Red Hat SPICE is an adaptive telepresence open-source protocol used by Red Hat's Enterprise Virtualized Desktop Edition to connect users to their virtual desktops, providing the exact same end-user experience as a physical desktop. A denial-of-service vulnerability exists in Red Hat SPICE version...
Mozilla Firefox ESR Buffer Overflow Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Firefox ESR is an extended support version of Firefox. A buffer overflow vulnerability exists in Mozilla Firefox ESR prior to version 52.8, which arises from the program failing to perform proper boundar...
Google Chrome Skia Buffer Overflow Vulnerability (CNVD-2018-08960)
Google Chrome is a web browser developed by Google, Inc. Skia is an open source 2D graphics library that provides common APIs that work on a variety of hardware and software platforms. A heap buffer overflow vulnerability exists in Skia in versions prior to Google Chrome 65.0.3325.146, which stem...
Google Android Buffer Overflow Vulnerability (CNVD-2018-07849)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). A stack overflow vulnerability exists in avrc_ctrl_pars_vendor_rsp in the avrc_pars_ct.cc file in Android, which stems from a lack of boundary detection in the program. A remote...
Google Android libframesequence Denial of Service Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). libframesequence is a library of GIF image tools. A denial of service vulnerability exists in the 'FrameSequence_gif::FrameSequence_gif' function of libframesequence in Android, whi...
Google Android NVIDIA Thermal Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), of which the NVIDIA Thermal driver is a temperature control component. An elevation of privilege vulnerability exists in the NVIDIA Thermal driver in Google Android that stems from a...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-32492)
Cisco Meeting Server (CMS), formerly known as Acano Conferencing Server, is a set of audio and video conferencing server software from Cisco in the United States. Web Admin Interface is one of its web login interfaces. A denial of service vulnerability exists in the Web Admin Interfac...
Google Android Broadcom Wi-Fi Driver Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), and Broadcom Wi-Fi Driver is a Broadcom-developed Wi-Fi driver module used in it. The Broadcom Wi-Fi Driver for Google Android contains an elevation of privilege vulnerability that...