21 matches found
Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator
Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.4 Vulnerability Details CVEID:CVE-2026-33173 DESCRIPTION: Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController...
RHEL 9 : grafana-pcp (RHSA-2026:3818)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3818 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...
EUVD-2018-16167
Malware in sbrugna...
EUVD-2019-18164
Malware in sbrugna...
EUVD-2024-54025
Malicious code in bioql PyPI...
EUVD-2023-32177
Malicious code in bioql PyPI...
CVE-2022-22588
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service...
Medium: nerdctl
Issue Overview: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing...
Denial Of Service (DoS)
H2O-3 is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of highly compressed data due to repeatedly parsing a large GZIP file, leading to memory exhaustion and a large number of slow-running jobs, making the server unresponsive...
CVE-2025-29910 CryptoLib's crypto_handle_incrementing_nontransmitted_counter Function has Memory Leak
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A memory leak vulnerability was identified in the...
Linux Distros Unpatched Vulnerability : CVE-2024-34156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...
PT-2024-1751
Vulnerability Report Name of the Vulnerable Software and Affected Versions BIND versions 9.16.48-1 through 9.18.24-1 Unbound versions 1.19.1-alt1 PDNS Recursor versions 4.8.6-1 Knot Resolver versions 5.6.0-1+deb12u1 systemd affected versions not specified dnsmasq affected versions not specified...
compat-exiv2-026 security update
An update is available for compat-exiv2-026. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Exiv2 is a C++ library to access image metadata, supporting read and...
Moderate: exiv2 security, bug fix, and enhancement update
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. The following packages have been upgraded to ...
Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability
Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service DoS issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes fo...
Stack overflow
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service DOS via a crafted file...
PYSEC-2021-885
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service DOS via a crafted file...
CVE-2019-1000031
A disk space or quota exhaustion issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in...
CVE-2019-1000031
The CVE-2019-1000031 entry affects the article2pdf WordPress plugin, specifically versions 0.24–0.27. The root cause is in article2pdf_getfile.php: when a user visits the PDF generation link but does not follow the redirect, the generated PDF file is left on disk and not deleted by the plugin, le...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:3388-1)
This update for ImageMagick fixes the following issues : - CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service bsc1061254 - CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service bsc1060176 -...