951 matches found

OSV
added 2024/08/07 3:15 p.m. · 19 views

CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...

CVSS 7.5 · AI score 6.5
Exploits 0 · References 4
OSV
added 2024/08/07 3:15 p.m. · 0 views

PYSEC-2024-67

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...

CVSS 7.5 · AI score 6.7 · EPSS 0.01386
Exploits 0 · References 3
PyPA
added 2024/08/07 3:15 p.m. · 4 views

PYSEC-2024-67

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...

CVSS 7.5 · AI score 7 · EPSS 0.01386
Exploits 0 · References 3 · Affected Software 1
Hacker One
added 2024/08/07 8:08 a.m. · 4 views

Internet Bug Bounty: CVE-2024-41989: Denial-Of-Service vulnerability in the floatformat template filter when input string contains a big exponent in scientific notation

CVE-2024-41989: A denial-of-service vulnerability was discovered in the floatformat template filter of the Django web framework. The vulnerability was caused by improper handling of input strings containing a large scientific exponent, leading to significant memory consumption on the server...

CVSS 7.5 · AI score 6.5 · EPSS 0.01386
Exploits 0
AlpineLinux
added 2024/08/07 12:00 a.m. · 15 views

CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...

CVSS 7.5 · AI score 6.8 · EPSS 0.01386
Exploits 0
CVE
added 2024/08/07 12:00 a.m. · 181 views

CVE-2024-41989

CVE-2024-41989 affects Django 5.0 before 5.0.8 and 4.2 before 4.2.15, where the floatformat template filter can cause memory exhaustion when given a number in scientific notation with a large exponent in its string form. This is documented across multiple sources (including Debian’s DLA-4458-1, A...

CVSS 7.5 · AI score 6.8 · EPSS 0.01386
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/07/02 4:15 p.m. · 2 views

DEBIAN-CVE-2024-4467

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

CVSS 7.8 · AI score 7.3 · EPSS 0.00052
Exploits 0 · References 1
OSV
added 2024/06/28 3:28 p.m. · 10 views

GO-2024-2472 Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry...

CVSS 6.8 · AI score 6.5 · EPSS 0.00036
Exploits 0 · References 3
RedHat Linux
added 2024/06/06 4:42 p.m. · 4 views

jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data

A flaw was found in Jettison. Sending a specially crafted string can cause a stack-based buffer overflow. This issue may allow a remote attacker to cause a denial of service...

CVSS 7.5 · AI score 7.9 · EPSS 0.0025
Exploits 1 · References 4
CNNVD
added 2024/05/03 12:00 a.m. · 3 views

NETGEAR RAX30 Security Vulnerability

NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in NETGEAR RAX30 that originates from a buffer overflow vulnerability during JSON data processing...

CVSS 8 · AI score 7 · EPSS 0.00264
Exploits 0 · References 3
OSV
added 2024/05/01 6:15 a.m. · 0 views

DEBIAN-CVE-2024-27017

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump. The generation mask can be updated while a netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure ...

CVSS 5.5 · AI score 5.7 · EPSS 0.00011
Exploits 0 · References 1
OSV
added 2024/05/01 6:15 a.m. · 0 views

UBUNTU-CVE-2024-27017

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump. The generation mask can be updated while a netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure ...

CVSS 5.5 · AI score 6.2 · EPSS 0.00011
Exploits 0 · References 15
CNNVD
added 2024/04/26 12:00 a.m. · 2 views

cJSON Security Vulnerability

cJSON is a lightweight open source JSON parser. A security vulnerability exists in cJSON version v1.7.17, which stems from a segmentation violation that can be triggered through the second parameter of the cJSON_SetValuestring function in cJSON.c. The vulnerability can be exploited by...

CVSS 7.6 · AI score 6.8 · EPSS 0.02707
Exploits 1 · References 4
CNNVD
added 2024/04/01 12:00 a.m. · 1 view

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a denial of service when decoding an ASN.1 OER message containing an unknown extension sequence...

CVSS 7.5 · AI score 6.6 · EPSS 0.00072
Exploits 0 · References 2
Positive Technologies
added 2024/04/01 12:00 a.m. · 1 view

PT-2024-18877 · Qualcomm · Snapdragon +6

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a transient Denial of Service (DoS) that occurs while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. No...

CVSS 7.5 · AI score 7 · EPSS 0.00072
Exploits 0 · References 5
RedHat Linux
added 2024/03/27 12:46 a.m. · 2 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

CVSS 7.5 · AI score 6.7 · EPSS 0.00533
Exploits 0 · References 7
Positive Technologies
added 2024/03/26 12:00 a.m. · 3 views

PT-2024-21427 · Vseeface · Vseeface

Name of the Vulnerable Software and Affected Versions: VSeeFace versions 1.13.38.c2 and earlier Description: The issue allows attackers to cause a denial of service, resulting in an application hang, via a spoofed UDP packet containing at least 10 digits in JSON data. Recommendations: For version...

CVSS 7.5 · AI score 7 · EPSS 0.00083
Exploits 0 · References 5
OSV
added 2024/03/25 12:01 p.m. · 0 views

USN-6713-1 qpdf vulnerability

It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked into processing a specially crafted JSON file, QPDF could be made to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 5.5 · AI score 6 · EPSS 0.00088
Exploits 1 · References 2
CNNVD
added 2024/03/09 12:00 a.m. · 3 views

jose Security Vulnerabilities

jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in jose versions prior to 4.0.1, 3.0.3, and 2.6.3, which allows an attacker to send JWEs containing compressed data that uses a large amount of memory and CPU when decompressed via Decrypt or...

CVSS 4.3 · AI score 6.1 · EPSS 0.04986
Exploits 0 · References 16
OSV
added 2024/03/06 11:11 a.m. · 26 views

BIT-MOODLE-2021-20186

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS...

CVSS 5.4 · AI score 5.4 · EPSS 0.0053
Exploits 0 · References 2