Tornado is vulnerable to DoS due to too many multipart parts
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart...
Use of Externally-Controlled Format String
Overview Magick.NET-Q8-x86 is a Magick.NET build that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Use of Externally-Controlled Format String
Overview Magick.NET-Q16-x86 is a Magick.NET build that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Use of Externally-Controlled Format String
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET build that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Use of Externally-Controlled Format String
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET build that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Use of Externally-Controlled Format String
Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Format String via the InterpretImageFilename function, where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can execute arbitrary code or cause a heap-based buff...
PT-2025-2743 · Elspec Engineering · Elspec Engineering G5 Digital Fault Recorder Firmware
Name of the Vulnerable Software and Affected Versions: Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12 Description: The issue is related to an XML External Entity (XXE) vulnerability, which allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. This...
PT-2024-8060 · Foxit · Foxit Pdf Editor +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified); Foxit PDF Editor (affected versions not specified) Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...
PT-2024-19062 · Biosig +1 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: The Biosig Project libbiosig versions 2.5.0 through master branch (ab0ee111) Description: A heap-based buffer overflow vulnerability exists in the .egi parsing functionality. A specially crafted .egi file can lead to arbitrary code execution. A...
PT-2023-7288 · Unknown · Weston Embedded Uc-Http
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01 Description: A memory corruption issue exists in the HTTP Server header parsing functionality. This can be exploited by sending specially crafted network packets, potentially leading to code execution. ...
PT-2023-6724 · Unknown +1 · Open Babel +1
Name of the Vulnerable Software and Affected Versions: Open Babel versions 3.1.1 and master commit 530dbfa3 Description: The issue is related to out-of-bounds write vulnerabilities in the translationVectors parsing functionality. This can be triggered by a specially-crafted malformed file,...
GHSA-Q79M-C546-2G63 CakePHP vulnerable to Denial of Service attack through XML payloads
RequestHandlerComponent had a vulnerability that would allow well-crafted requests to create a denial of service attack. RequestHandlerComponent leverages Xml::build, which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML...
PT-2022-18940 · Bentley · Microstation Connect
Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...
PT-2022-5474 · Corel · Coreldraw Graphics Suite
Name of the Vulnerable Software and Affected Versions: CorelDRAW Graphics Suite version 23.5.0.506 Description: The issue is related to a read past the end of an allocated object when parsing GIF images, which can allow an attacker to disclose sensitive information. This can be exploited by openi...
PT-2021-19391 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.3.84 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
PT-2021-19398 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.4.55 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
PT-2021-19395 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.4.55 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
PT-2021-19359 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.3.84 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
PT-2021-11585 · X/Text +6 · X/Text +6
Name of the Vulnerable Software and Affected Versions: x/text versions prior to 0.3.5; x/text version 1.15.4 Description: A "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. The x/text/language package is supposed to be able to parse an HTTP...