1891 matches found
CVE-2024-41132 SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...
CVE-2024-41132
CVE-2024-41132 (ImageSharp): A vulnerability in the ImageSharp Gif decoder can cause excessive memory usage when processing specially crafted GIF files. The issue is triggered during image processing and affects SixLabors.ImageSharp. Remediation is to upgrade to SixLabors.ImageSharp versions 3.1...
ROS-20240719-04
A vulnerability in the Microsoft .NET software platform and the Microsoft Visual Studio software development tool is related to use of memory after it has been released (use after free). Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability...
ROS-20240717-01
A vulnerability in the clientsendparams function of the lib/ext/presharedkey.c component of the GnuTLS transport layer security library is related to use of memory after it has been released (use after free). Exploitation of the vulnerability could allo...
CVE-2024-39549
A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not...
CVE-2024-39548
An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be...
CVE-2024-39551 Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop
An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC allows an unauthenticated, network-based attacker to send specific packets causing traffic loss leading to Denial of...
CVE-2024-39551
Summary: CVE-2024-39551 is an Uncontrolled Resource Consumption vulnerability in the H.323 ALG of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC. An unauthenticated network attacker can send specific packets to trigger traffic loss/DoS. Continued receipt sustains t...
CVE-2024-39548
CVE-2024-39548 describes an Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved. An unauthenticated, network-based attacker can cause memory consumption leading to a Denial of Service; affected systems do not recover automatically and requir...
qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
CVE-2024-37535
...
jose: resource exhaustion
Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...
ROS-20240627-01
A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected...
jose-go: improper handling of highly compressed data
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...
Denial Of Service (DoS)
github.com/klauspost/compress/zstd is vulnerable to a Denial of Service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows an attacker to trigger rapid and uncontrolled increases in memory usage on the server or client...