16 matches found
EUVD-2023-45574
Malicious code in bioql PyPI...
matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads
Impact: MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative...
BIT-GITLAB-2021-39942
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to...
CVE-2023-41042 Discourse DoS via remote theme assets
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in versions prior to Discourse 3.1.1 that stems from not enforcing file size or file count limits...
Denial Of Service (DoS)
GitLab is vulnerable to Denial of Service (DoS). The vulnerability exists because low-privileged users can bypass the file size limits in the NPM package repository...
SUSE CVE-2017-6467
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size...
ToolJet Denial of Service Vulnerability
ToolJet is an extensible, low-code framework for building business applications from ToolJet. A denial-of-service vulnerability exists in ToolJet prior to version 1.27.0, which stems from improper handling of file size limits. An attacker could exploit this vulnerability to cause site downtime...
CVE-2021-39942
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to...
CVE-2021-39942
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to...
Denial of service
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to...
CVE-2021-39942
GitLab CVE-2021-39942 affects GitLab CE/EE. A denial-of-service condition arises when low-privileged users bypass the NPM package repository's file size limits, potentially exhausting resources. Affected versions are all versions from 12.0 before 14.3.6, all 14.4.x before ...
CVE-2021-39942
Removed by vendor...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Arbitrary file read via group import feature; Stored XSS in notes; Lack of state parameter on GitHub import project OAuth; Vulnerability related fields are available to unauthorized users on GraphQL API; Deleting packages may cause table locks; IP restriction bypass via GraphQL...
GHSA-M42X-37P3-FV5W Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails < 5.2.4.3, rails < 6.0.3.1. Impact: Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...
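The Discourse (CVE-2023-41042), matrix-media-repo and ActiveStorage entries above share one failure: either no bound is applied to fetched files at all, or a size declared by the remote side or the client is trusted in place of the bytes actually transferred. The Ruby below is an added example, not code from any of those projects, showing the check a practitioner would want: a bounded reader that rejects on the byte count really read, wrapped in an import that also caps the number of files and the running total. The caps, the AssetLimitExceeded class and the fake_asset/StringIO stand-in for a remote download are assumptions constructed for this example so it runs offline.

```ruby
require 'stringio'

# Caps chosen for this example (assumptions, not any project's defaults).
MAX_FILE_BYTES  = 64 * 1024    # per asset
MAX_FILE_COUNT  = 5            # per import
MAX_TOTAL_BYTES = 128 * 1024   # per import, across all assets
CHUNK           = 4096

class AssetLimitExceeded < StandardError; end

# Read at most `limit` bytes from `io`, raising if the stream holds more.
# A declared Content-Length only serves as an early reject: the sender
# controls it (the ActiveStorage entry above is a forged one), so the
# quantity actually enforced is the number of bytes read.
def read_bounded(io, limit, declared_length: nil)
  if declared_length && declared_length > limit
    raise AssetLimitExceeded, "declared #{declared_length} bytes exceeds #{limit}"
  end
  buf = +""
  loop do
    # Ask for one byte past the cap so an oversized stream is detected
    # without first buffering all of it.
    want  = [CHUNK, limit - buf.bytesize + 1].min
    chunk = io.read(want)
    break if chunk.nil?                     # EOF reached within budget
    buf << chunk
    raise AssetLimitExceeded, "stream exceeds #{limit} bytes" if buf.bytesize > limit
  end
  buf
end

# Import theme assets given as {name:, declared_length:, io:} hashes.
# The count check runs before any download and the running total is
# checked after each file, so the import fails closed and memory held is
# bounded by the caps rather than by the remote.
def import_theme_assets(assets)
  if assets.size > MAX_FILE_COUNT
    raise AssetLimitExceeded, "#{assets.size} files exceeds #{MAX_FILE_COUNT}"
  end
  total = 0
  assets.each_with_object({}) do |asset, out|
    data   = read_bounded(asset[:io], MAX_FILE_BYTES, declared_length: asset[:declared_length])
    total += data.bytesize
    raise AssetLimitExceeded, "total #{total} bytes exceeds #{MAX_TOTAL_BYTES}" if total > MAX_TOTAL_BYTES
    out[asset[:name]] = data
  end
end

# Constructed stand-in for a remote download: the body is served from memory
# and the declared length can be set independently of the real size.
def fake_asset(name, body, declared: body.bytesize)
  { name: name, declared_length: declared, io: StringIO.new(body) }
end

# true when the whole import is accepted, false when any cap rejects it.
def accepts?(assets)
  import_theme_assets(assets)
  true
rescue AssetLimitExceeded
  false
end

if __FILE__ == $PROGRAM_NAME
  honest = [fake_asset("theme.css", "a" * 1000), fake_asset("theme.js", "b" * 2000)]
  lying  = [fake_asset("huge.css", "c" * (MAX_FILE_BYTES + 1), declared: 10)]
  many   = (1..(MAX_FILE_COUNT + 1)).map { |i| fake_asset("f#{i}", "d") }
  puts "honest: #{accepts?(honest)}, forged length: #{accepts?(lying)}, too many: #{accepts?(many)}"
end
```

Replacing StringIO with the body stream of a real HTTP client keeps the same property: a response that under-declares its Content-Length, or omits it, is still cut off at MAX_FILE_BYTES, and a response that over-declares it is refused before any bytes are read.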
UBUNTU-CVE-2017-6467
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size...