OESA-2026-1047 xnio security update

XNIO is a simplified low-level I/O layer which can be used anywhere you are using NIO today. It frees you from the hassle of dealing with Selectors and the lack of NIO support for multicast sockets and non-socket I/O, while still maintaining all the capabilities present in NIO, and it opens the...

CVE-2018-19152

emercoin through 0.7 a chain-based proof-of-stake cryptocurrency allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM...

CVE-2018-19165

neblio through 1.5.1 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...

CVE-2010-0064

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users...

CVE-2010-0065

Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted disk image with bzip2 compression...

CVE-2010-0294

chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service disk consumption via a large number of invalid packets...

CVE-2021-33509

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

CVE-2021-28667

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...

CVE-2021-31727

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL...

CVE-2021-22953

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"...

CVE-2021-22919

A vulnerability has been discovered in Citrix ADC formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway, and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk...

CVE-2022-23026

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...

CVE-2019-2191

In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions:...

CVE-2011-0949

Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshdlock files from /tmp/, which allows remote attackers to cause a denial of service disk consumption by making many SSHv1 connections, aka Bug ID CSCtd64417...

CVE-2023-43654

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

CVE-2024-39787

Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal...

(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk cache service. The issue results from the lack of proper validation of user-supplied data,...

PT-2026-2002

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in the disk cache service of Langflow that allows remote attackers to execute arbitrary code on affected installations. Authentication is required for exploitation. The issue...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

CVE-1999-0313

diskbandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames...