CVE-2024-41727

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition VEs using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2024-39792

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

F5 Nginx 安全漏洞

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 USA, distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx, which stems from the possibility that undisclosed requests may result in increased memory resource...

ROS-20240813-03

Vulnerability of the usersdmatxadd function of the Infiniband driver of the Linux kernel is related to a pointer dereferencing error. pointer dereferencing error. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code Vulnerability of the i2cputadapter...

Advisory ROSA-SA-2024-2467

software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-5 CVE-ID: CVE-2023-45322 BDU-ID: 2023-06827 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlUnlinkNode function tree.c of the libxml2 library is related to memory usage after it is freed. Exploitation of the vulnerabili...

ROS-20240812-04

A vulnerability in the Collapsed Forwarding Handler component of the Squid proxy server is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service A vulnerability in the Squid proxy server component is...

SUSE CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...

PYSEC-2024-67

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...

ROS-20240807-01

Vulnerability in the implementation of ColladaParser::ExtractDataObjectFromChannel function of the Open Asset Import Library Assimp 3D models Open Asset Import Library Assimp is related to memory usage after release. Exploitation of the vulnerability could allow an attacker acting remotely to gai...

ROS-20240807-09

A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to an improperly implemented security checks for the standard. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform a sandbox exit using a specially crafted HTML page A...

PT-2024-6154

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.14 Django versions 5.0 through 5.0.7 Description: The issue is related to the floatformat function in Django, which can lead to uncontrolled resource consumption. This can be exploited by a remote attacker to...

CVE-2024-42063 bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

ROS-20240725-01

Vulnerability of HTTP/3 QUIC module ngxhttpv3module of NGINX Plus and NGINX OSS web servers is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service using specially craft...

ROS-20240724-01

A vulnerability in the DevTools component of the Google Chrome browser is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely, allowing an intruder to execute arbitrary code through a specially crafted HTML page A vulnerability in th...

ROS-20240724-02

A vulnerability in the Dawn component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code using a specially crafted HTML page A vulnerability in the SwiftShader...

ROS-20240723-06

The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of memory after its release. memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely to cause a denial of service...

ROS-20240723-05

A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to an insecure privilege management vulnerability. insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges A vulnerability in the...

Denial Of Service (DoS)

sixlabors.imagesharp is vulnerable to Denial Of Service DoS. The vulnerability is due to the improper processing of specific gif files, that can leads to excessive memory usage during decoding. Attackers can use a specially crafted file to crash the application or exhaust system resources...

CVE-2024-41132

CVE-2024-41132 (ImageSharp) : A vulnerability in the ImageSharp Gif decoder can cause excessive memory usage when processing specially crafted GIF files. The issue is triggered during image processing and affects SixLabors.ImageSharp. Remediation is to upgrade to SixLabors.ImageSharp versions 3.1...

CVE-2024-41132 SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...