3631 matches found

AlpineLinux
added 2024/10/31 6:31 p.m. | 14 views

CVE-2024-10573

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...

CVSS 6.7 | AI score 8.4 | EPSS 0.00348
Exploits: 0

BDU FSTEC
added 2024/10/29 12:0 a.m. | 3 views

The vulnerability of the Microsoft .NET software platform and the Visual Studio source code editor, related to algorithmic complexity, allows attackers to trigger service interruptions.

The vulnerability of the Microsoft .NET software platform and the Visual Studio source code editor is related to the computational complexity of the algorithms involved. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 7.8 | AI score 7.2 | EPSS 0.03034
Exploits: 0 | References: 5 | Affected Software: 4

Redos
added 2024/10/29 12:0 a.m. | 309 views

ROS-20241029-08

Vulnerability in the OpenSearch software package related to improper validation of the nextUrl parameter. Exploitation of the vulnerability could allow an attacker to redirect a user to a malicious site. A vulnerability in the server.maxHeadersCount configuration of the ws client-server library in...

CVSS 7.5 | AI score 7.4 | EPSS 0.01471
Exploits: 4

NVD
added 2024/10/25 2:15 a.m. | 18 views

CVE-2024-10372

A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...

CVSS 4.5 | EPSS 0.00274
Exploits: 1 | References: 4

Vulnrichment
added 2024/10/25 2:0 a.m. | 13 views

CVE-2024-10372 chidiwilliams buzz model_loader.py download_model temp file

A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...

CVSS 4.5 | AI score 6.4 | EPSS 0.00274
Exploits: 1 | References: 4

Cvelist
added 2024/10/25 2:0 a.m. | 19 views

CVE-2024-10372 chidiwilliams buzz model_loader.py download_model temp file

A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...

CVSS 4.5 | EPSS 0.00274
Exploits: 1 | References: 4

CVE
added 2024/10/25 2:0 a.m. | 49 views

CVE-2024-10372

CVE-2024-10372 — chidiwilliams buzz 1.1.0 is affected through the function download_model in buzz/model_loader.py, where misuse creates an insecure temporary file. Attacks can be launched locally with high attack complexity and minimal privileges, and the vulnerability has been publicly disclosed...

CVSS 4.5 | AI score 4.2 | EPSS 0.00274
Exploits: 1 | References: 4 | Affected Software: 1

IBM Security Bulletins
added 2024/10/24 10:31 p.m. | 12 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in async

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of async. Vulnerability Details: CVEID: CVE-2024-39249. DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while parsing function in autoinject functio...

CVSS 7.5 | AI score 6.7 | EPSS 0.00812
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2024/10/23 12:0 a.m. | 2 views

The vulnerabilities of the Microsoft .NET software platform, Microsoft .NET Framework, and the Visual Studio source code editor are related to algorithmic complexity, allowing attackers to trigger service interruptions.

The vulnerabilities of the Microsoft .NET software platform, Microsoft .NET Framework, and the source code editor Visual Studio are related to algorithmic complexity. Exploiting these vulnerabilities can allow a malicious actor to cause service interruptions...

CVSS 7.8 | AI score 7.3 | EPSS 0.02833
Exploits: 0 | References: 4 | Affected Software: 3

ICS
added 2024/10/22 6:0 a.m. | 35 views

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)

1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: ICONICS, Mitsubishi Electric; Equipment: ICONICS Product Suite, Mitsubishi Electric MC Works64; Vulnerability: Incorrect Default Permissions. 2. RISK EVALUATION: Successful exploitation of this vulnerability could...

CVSS 7.8 | AI score 8.5 | EPSS 0.00193
Exploits: 0 | References: 10

NVD
added 2024/10/19 3:15 p.m. | 8 views

CVE-2024-10141

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

CVSS 8.1 | EPSS 0.00802
Exploits: 1 | References: 5

CVE
added 2024/10/19 3:0 p.m. | 47 views

CVE-2024-10141

The CVE-2024-10141 issue affects jsbroks COCO Annotator 0.11.1, specifically the Session Handler component where manipulating the SECRET_KEY causes a predictable state from observable state. It can be initiated remotely, with attack complexity described as high and exploitability as difficult. Mu...

CVSS 8.1 | AI score 4.7 | EPSS 0.00802
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/10/19 3:0 p.m. | 13 views

CVE-2024-10141 jsbroks COCO Annotator Session predictable state

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

CVSS 6.3 | AI score 4.3 | EPSS 0.00802
Exploits: 1 | References: 5

OSV
added 2024/10/17 6:31 p.m. | 7 views

GHSA-9RW2-JF8X-CGWM Flair allows arbitrary code execution

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...

CVSS 6.3 | AI score 6.5 | EPSS 0.00537
Exploits: 0 | References: 9

NVD
added 2024/10/17 5:15 p.m. | 9 views

CVE-2024-10073

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...

CVSS 7.5 | EPSS 0.00537
Exploits: 0 | References: 5

CVE
added 2024/10/17 4:31 p.m. | 42 views

CVE-2024-10073

flairNLP flair 0.14.0 is affected by a code-injection vulnerability in the ClusteringModel function located in flair/models/clustering.py (Mode File Loader). The issue allows remote code execution and is described as high severity; attack complexity is listed as high and exploitation has been dis...

CVSS 7.5 | AI score 5.8 | EPSS 0.00537
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/10/17 2:0 p.m. | 12 views

CVE-2005-10003 mikexstudios Xcomic os command injection

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitabilit...

CVSS 6.3 | AI score 7.5 | EPSS 0.01693
Exploits: 0 | References: 6

Redos
added 2024/10/17 12:0 a.m. | 297 views

ROS-20241017-04

A vulnerability in the Microsoft .NET software platform involves inefficient algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Microsoft .NET software platform is related to post-release memory...

CVSS 8.1 | AI score 7.8 | EPSS 0.03034
Exploits: 0

CNVD
added 2024/10/17 12:0 a.m. | 4 views

Microsoft .NET and Visual Studio Denial of Service Vulnerability

Microsoft Visual Studio is a family of development tool suites and a fundamentally complete development toolset that includes most of the tools needed throughout the software lifecycle. Microsoft .NET is a software framework dedicated to agile software development, rapid application development,...

CVSS 7.5 | AI score 6.4 | EPSS 0.03034
Exploits: 0 | References: 1

RedHat Linux
added 2024/10/14 6:25 p.m. | 1 views

dotnet: Denial of Service in System.Text.Json

A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.03034
Exploits: 0 | References: 5