22 matches found
EUVD-2017-16566
Malware in sbrugna...
EUVD-2019-9071
Malware in sbrugna...
EUVD-2018-10863
Malware in sbrugna...
CVE-2025-0426
CVE-2025-0426 (Kubernetes) : The vulnerability concerns the kubelet read-only HTTP endpoint. A flood of container checkpoint requests to the unauthenticated endpoint can exhaust node disk space, leading to a Node DoS. The provided connected IBM/KB content lists this CVE and reproduces the Kuberne...
CVE-2024-24752
Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each which...
GHSA-RCJC-C4PJ-XXRP Apache Derby: LDAP injection vulnerability in authenticator
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
UBUNTU-CVE-2022-46337
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
Authorization
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
CVE-2022-46337
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
CVE-2023-1580
CVE-2023-1580 affects Devolutions Gateway 2023.1.1 and earlier. The underlying issue is uncontrolled resource consumption in the logging feature, which can be exploited by an attacker to cause a denial of service by filling up disk space, rendering the system unusable. The CVSS/metrics indicate n...
CVE-2023-1580
Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and rendering the system unusable...
Out-Of-Bounds Read
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's...
Internet Bug Bounty: Long filenames cause OOM and temp files are not cleaned
https://bugs.php.net/bug.php?id=78875 Impact Disk could be filled up completely by remote attacker without privileges...
CVE-2019-19451
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's...
CVE-2018-19151
qtum through 0.16, a chain-based proof-of-stake cryptocurrency, allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM...
CVE-2019-12210
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...
CVE-2017-7560
It was found that rhnsd PID files are created as world-writable, which allows local attackers to fill the disks or to kill selected processes...
Code injection
It was found that rhnsd PID files are created as world-writable, which allows local attackers to fill the disks or to kill selected processes...