Persistent Temp-File incomplete cleanup / resource exhaustion in `transformers` Serve

Description The transformers OpenAI-compatible server leaks every base64 image it decodes to disk. Because the temporary files are never cleaned up, an attacker can exhaust disk space by repeatedly calling /v1/chat/completions with base64 imageurl entries. Vulnerable Code In...

Malicious code in theice (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a5284ff23f0c6a6b960f00ae8adcf8fd068d714b2689229fa6355a69fc5d778 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2024-10351

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the incomplete cleanup of temporary or auxiliary resources in the Linux kernel, specifically in the s390/pkey component. This could allow an attacker to cause a...

SUSE CVE-2022-42310

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is...