227 matches found
CVE-2023-26285 IBM MQ denial of service
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...
CVE-2023-26285 IBM MQ denial of service
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...
Advisory ROSA-SA-2023-2136
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...
LibTIFF 缓冲区错误漏洞
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. LibTIFF version 4.4.0 contains an out-of-bounds read vulnerability, which stems from the lack of proper validation of user-supplied data and is exploited by attackers to cause a denial of service via specially craft...
SUSE CVE-2003-1029
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service infinite loop and memory consumption via a packet with invalid data to UDP port 1701, which causes l2tpavpprint to use a bad length value when calling printoctets...
SUSE CVE-2009-1180
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data...
SUSE CVE-2011-1957
The dissectdcmmain function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service infinite loop via an invalid PDU length...
SUSE CVE-2017-9106
An issue was discovered in adns before 1.5.2. adnsrrinfo mishandles a bogus datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun depending on the sizes of the types on...
SUSE CVE-2019-13113
Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...
GHSA-FRP9-2V6R-GJ97 muhammara and hummus vulnerable to null pointer dereference on bad response object
The package muhammara before 2.6.0 and the package hummus before 1.0.111 are vulnerable to Denial of Service DoS when PDFStreamForResponse is used with invalid data...
Denial of Service (DoS)
Overview muhammara is a Create, read and modify PDF files and streams. A drop in replacement for hummusjs PDF library Affected versions of this package are vulnerable to Denial of Service DoS when PDFStreamForResponse is used with invalid data. PoC js hummus = require'muhammara' writer = new...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when PDFStreamForResponse is used with invalid data. PoC js hummus = require'muhammara' writer = new hummus.PDFStreamForResponsenull writer = hummus.createWriterwriter writer.end Details Denial of Service DoS...
GO-2022-1071 Denial of service in flux controllers in github.com/fluxcd modules
Flux controllers are vulnerable to a denial of service attack. Users that have permissions to change Flux's objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout and structured variations of these fields, causing the...
Flux2 输入验证错误漏洞
Flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters synchronized with their configuration sources. A security vulnerability exists in Flux2 versions prior to 0.35.0, which stems from a denial of service Dos that can be caused by a user authorized to change Fl...
The vulnerability of the AAD Handler component in the Nimbus JOSE + JWT Java library, due to insufficient data authentication checks, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the AAD Handler component in the Nimbus JOSE + JWT Java library is related to insufficient verification of data authenticity. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information by uploading...
CVE-2022-22349
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...
IBM Sterling External Authentication Server 路径遍历漏洞
IBM Sterling External Authentication Server is a client application used to implement extended authentication and validation services for IBM products. IBM Sterling External Authentication Server path traversal vulnerability, which stems from a failure to properly validate RESTAPI configuration...
ASUS RT-AC52U_B1 Cross-Site Scripting Vulnerability
Asus Rt-Ac52UB1 is a dual-band wireless router from Asus China.A cross-site scripting vulnerability exists in ASUS RT-AC52UB1, which stems from the presence of invalid data filtering in ASUS RT-AC52U B1 version 3.0.0.4.380.10931, which could lead to user session hijacking. No detailed vulnerabili...
Asus Rt-Ac52U_B1 跨站脚本漏洞
Asus Rt-Ac52UB1 is a dual-band wireless router from Asus China.A cross-site scripting vulnerability exists in ASUS RT-AC52UB1, which stems from the presence of invalid data filtering in ASUS RT-AC52U B1 version 3.0.0.4.380.10931, which could lead to user session hijacking. No detailed vulnerabili...
cordova-plugin-fingerprint-aio 安全漏洞
Cordova-Plugin-Fingerprint-Aio is a Cordova plugin from the German individual developer Niklas Merz. It is used for fingerprint sensors and FaceId. A security vulnerability exists in cordova-plugin-fingerprint-aio, which stems from the plugin's exported activity...