15 matches found
CVE-2025-23184
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system it applies to servers and clients...
CVE-2023-5969
Mattermost fails to properly sanitize the request to /api/v4/redirectlocation allowing an attacker, sending a specially crafted request to /api/v4/redirectlocation, to fill up the memory due to caching large items...
Cross site request forgery (csrf)
Mattermost fails to properly sanitize the request to /api/v4/redirectlocation allowing an attacker, sending a specially crafted request to /api/v4/redirectlocation, to fill up the memory due to caching large items...
GHSA-76FG-MHRG-FMMG XNIO `notifyReadClosed` method logging message to unexpected end
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2022-0084
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
Design/Logic Flaw
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2022-0084
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2022-0084
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2022-0084
CVE-2022-0084 affects XNIO: the notifyReadClosed path logs to the opposite end, enabling an attacker to send malformed requests that may cause log contention or disk space exhaustion. Connected docs confirm this root cause and cite IBM/Red Hat advisories linking the CVE to XNIO, with remediation ...
CVE-2022-0084
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2022-0084
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
Code injection
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's...
Guest triggerable qemu MSI-X pass-through error messages
ISSUE DESCRIPTION Device model code dealing with guest PCI MSI-X interrupt management activities logs messages on certain supposedly invalid guest operations. IMPACT A buggy or malicious guest repeatedly invoking such operations may result in the host disk to fill up, possibly leading to a Denial...
LogToServer action lets anyone log messages to the server log
Available without authentication. This can be used to hide breakin attempts or fill the disk if no log rotation is in place...
[SECURITY] [DSA 794-1] New polygen packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 794-1 [email protected] http://www.debian.org/security/ Martin Schulze September 1st, 2005 http://www.debian.org/security/faq -...