2842 matches found
Denial Of Service (DoS)
libjxl.so is vulnerable to Denial of Service (DoS). The vulnerability exists due to an integer underflow in the Decode function at dec_patch_dictionary.cc because the function doesn't properly check that all patches are in bounds, resulting in an application crash...
VulnCheck KEV: CVE-2023-2986
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
Summary: IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...
PT-2023-10174 · Nanopb · Nanopb
Name of the Vulnerable Software and Affected Versions: Nanopb versions prior to 0.3.1 Description: The issue allows size_t overflows in pb_dec_bytes and pb_dec_string. Recommendations: For versions prior to 0.3.1, update to version 0.3.1 or later to resolve the issue...
PT-2023-3751 · Tp Link · Tp-Link Ec-70
Name of the Vulnerable Software and Affected Versions: TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 Description: The issue is related to a buffer overflow in the tpsocket base64 decode function of the TP-Link EC-70 camera's firmware. This buffer overflow can be exploited by a remo...
CVE-2023-33496
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode...
PT-2023-24365 · Xxl-Rpc · Xxl-Rpc
Name of the Vulnerable Software and Affected Versions: xxl-rpc version 1.7.0 Description: A deserialization vulnerability was discovered in xxl-rpc via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecodedecode. This issue allows for potential exploitation. No information is...
PT-2023-24400 · Python · Cpython
Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0 alpha 7 Description: A heap use-after-free issue was discovered via the function ascii_decode at /Objects/unicodeobject.c. Recommendations: For CPython version 3.12.0 alpha 7, consider disabling the ascii_decode functio...
Python Resource Management Error Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0 alpha 7, which stems from a heap-based use-after-release...
PT-2023-24438 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.17.2 Description: A heap buffer overflow issue exists, which can be triggered by calling the function nmq_subinfo_decode in the file mqtt_parser.c. This can be exploited to cause a denial of service attack. Recommendations: F...
OESA-2023-1328 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
USN-6121-1 nanopb vulnerabilities
It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this to cause a denial of service or expose sensitive information. CVE-2020-26243 It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this...
SUSE CVE-2023-2731
A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
UBUNTU-CVE-2023-2731
A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...
LibTIFF Code Issue Vulnerability
LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains some command line tools for working with TIFF files. A denial of service vulnerability exists in LibTIFF, which stems from a NULL pointer dereference issue found in the LZWDecode function, and c...
golang: encoding/gob: stack exhaustion in Decoder.Decode
A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability...
Glazed Lists Code Issue Vulnerability
Glazed Lists is an open source list conversion library for Java. A security vulnerability exists in Glazed Lists v1.11.0. An attacker exploiting this vulnerability can execute arbitrary code via the BeanXMLByteCoder.decode parameter...