
1889 matches found

Redos
added 2024/05/07 12:0 a.m. | 40 views

ROS-20240507-09

A vulnerability in the Extensions component of Microsoft Edge and Google Chrome browsers is related to incorrect security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. V8 JavaScript script handler...

CVSS 9.8 | AI score 8.2 | EPSS 0.19883
Exploits: 34

CNNVD
added 2024/05/07 12:0 a.m. | 3 views

Suricata Security Vulnerability

Suricata is a suite of network Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and network security monitoring engines developed by the Open Information Security Foundation (OISF) and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...

CVSS 7.5 | AI score 8.9 | EPSS 0.00956
Exploits: 0 | References: 9

UbuntuCve
added 2024/05/07 12:0 a.m. | 19 views

CVE-2024-32663

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...

CVSS 7.5 | AI score 7 | EPSS 0.00956
Exploits: 0 | References: 8

Redos
added 2024/05/03 12:0 a.m. | 37 views

ROS-20240503-01

A vulnerability in the Web Audio component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the Skia graphics library of Google Chro...

CVSS 9.8 | AI score 8.7 | EPSS 0.01599
Exploits: 2

CNNVD
added 2024/05/02 12:0 a.m. | 2 views

Email-MIME Security Vulnerability

Email-MIME is a Perl library for parsing MIME messages by individual developer Ricardo Signes. A security vulnerability exists in Email-MIME versions prior to 1.954, which stems from an excessive memory usage issue that may cause a denial of service when parsing multipart messages...

CVSS 7.5 | AI score 7.3 | EPSS 0.01132
Exploits: 0 | References: 15

Redos
added 2024/04/23 12:0 a.m. | 34 views

ROS-20240423-06

The Envoy proxy vulnerability arises because regular expressions are compiled for each request, which can lead to high CPU utilization and increased request latency. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The Envoy proxy...

CVSS 8.6 | AI score 7.5 | EPSS 0.99999
Exploits: 19

BDU FSTEC
added 2024/04/22 12:0 a.m. | 3 views

The vulnerability of the net/textproto package in the Golang programming language, which allows a hacker to trigger a service failure.

The vulnerability of the Golang net/textproto package is related to the large amount of memory allocated during the analysis of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

CVSS 7.8 | AI score 6.4 | EPSS 0.01888
Exploits: 0 | References: 6 | Affected Software: 2

OSV
added 2024/04/19 11:7 a.m. | 3 views

OESA-2024-1472 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amount...

CVSS 4.3 | AI score 5.1 | EPSS 0.01956
Exploits: 0 | References: 2

Veracode
added 2024/04/16 9:51 a.m. | 21 views

Denial Of Service (DoS)

SixLabors.ImageSharp is vulnerable to Denial of Service (DoS). The vulnerability is caused by processing specially crafted files, which results in excessive memory usage during image decoding...

CVSS 6.5 | AI score 6.7 | EPSS 0.00629
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2024/04/15 8:15 p.m. | 46 views

CVE-2024-32035

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...

CVSS 6.5 | AI score 5.2 | EPSS 0.00629
Exploits: 0 | References: 5

CVE
added 2024/04/15 7:59 p.m. | 102 views

CVE-2024-32035

The CVE-2024-32035 entry concerns SixLabors.ImageSharp, a 2D graphics API. The vulnerability causes excessive memory usage in image decoders when processing specially crafted files, enabling a denial of service (DoS) by exhausting process memory. Affected is the ImageSharp decoding path as descri...

CVSS 6.5 | AI score 5.2 | EPSS 0.00629
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/04/15 7:59 p.m. | 31 views

CVE-2024-32035 Memory Allocation with Excessive Size Value in SixLabors.ImageSharp

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...

CVSS 5.3 | AI score 6.3 | EPSS 0.00629
Exploits: 0 | References: 7

Positive Technologies
added 2024/04/15 12:0 a.m. | 4 views

PT-2024-24370 · Unknown · Imagesharp

Name of the Vulnerable Software and Affected Versions: ImageSharp versions prior to 2.1.8; ImageSharp versions prior to 3.1.4. Description: A vulnerability discovered in the ImageSharp library can lead to excessive memory usage in image decoders when processing specially crafted files. This flaw ca...

CVSS 6.5 | AI score 7 | EPSS 0.00629
Exploits: 0 | References: 13

Redos
added 2024/04/10 12:0 a.m. | 22 views

ROS-20240410-02

Vulnerability in the HTTP/3 QUIC module of NGINX Plus and NGINX OSS web servers that allows an attacker to cause a denial of service. The vulnerability in the ngx_http_v3_module module of NGINX and NGINX Plus servers is related to memory usage after it has been freed...

CVSS 7.5 | AI score 7 | EPSS 0.01061
Exploits: 0

Redos
added 2024/04/10 12:0 a.m. | 32 views

ROS-20240410-16

A vulnerability in the xmlValidatePopElement function of the XML Reader Interface component of the Libxml2 library is related to the memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service using a specially...

CVSS 7.5 | AI score 7.1 | EPSS 0.01375
Exploits: 3

Positive Technologies
added 2024/04/09 12:0 a.m. | 2 views

PT-2024-3279 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server (affected versions not specified). Description: The issue is related to a memory usage problem after memory release when handling requests. This can allow a remote attacker to execute arbitrary code, affecting the system...

CVSS 9 | AI score 9.2 | EPSS 0.0156
Exploits: 0 | References: 8

Redos
added 2024/04/09 12:0 a.m. | 7 views

ROS-20240409-18

The vulnerability in the ImageMagick console graphical editor is related to memory usage after it has been freed when processing BMP files. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 6.2 | AI score 6.5 | EPSS 0.00437
Exploits: 0

Redos
added 2024/04/09 12:0 a.m. | 19 views

ROS-20240409-03

The vulnerability in the ImageMagick console graphical editor is related to memory usage after it has been freed when processing BMP files. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 6.2 | AI score 7 | EPSS 0.00437
Exploits: 0

Redos
added 2024/04/08 12:0 a.m. | 32 views

ROS-20240408-08

The vulnerability in the xorg-x11-server package is related to memory usage after it is freed when processing Button Action objects. Exploitation of the vulnerability could allow an attacker to elevate his privileges and execute arbitrary code in root context. The xorg-server packag...

CVSS 7.8 | AI score 7.4 | EPSS 0.01631
Exploits: 0

Redos
added 2024/04/05 12:0 a.m. | 29 views

ROS-20240405-09

A vulnerability in the gdev_prn_open_printer_seekable function of the interpreter in the Ghostscript suite of software for document processing, conversion and generation is related to memory usage after its release. Exploitation of the...

CVSS 7.5 | AI score 7.5 | EPSS 0.01543
Exploits: 0