45 matches found
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
CVE-2026-45664
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...
Astra Linux – Vulnerability in exiv2
The CiffDirectory::readDirectory method in crwimageint.cpp within Exiv2 0.26 has excessive stack consumption due to a recursive function, resulting in a denial of service...
GHSA-G5MF-WQQ5-VWG6 ImageMagick: Policy Bypass in MNG coder could
Because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...
CVE-2026-40980
In Spring AI, a memory exhaustion vulnerability exists in the ForkPDFLayoutTextStripper when processing a malicious PDF. Affected versions are Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). The CVSS data indicates availability impact is High, with network attack and low ...
CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...
UBUNTU-CVE-2026-34516
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....
Citrix NetScaler ADC和Citrix NetScaler Gateway 安全漏洞
Citrix NetScaler ADC and Citrix NetScaler Gateway are both products of the American company Citrix. Citrix NetScaler ADC is an application delivery and security platform. Citrix NetScaler Gateway is a solution for secure remote access. Both Citrix NetScaler ADC and Citrix NetScaler Gateway have...
RHEL 9 : grafana (RHSA-2026:3835)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3835 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509:...
SUSE SLES12 Security Update : libxml2 (SUSE-SU-2026:0782-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0782-1 advisory. - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807,...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
PT-2025-51370
Name of the Vulnerable Software and Affected Versions CHOCO TEI WATCHER mini IB-MCT001 affected versions not specified Description The CHOCO TEI WATCHER mini IB-MCT001 has a problem with how it handles unusual situations. Specifically, when the Video Download feature is operating in a particular...
Linux Distros Unpatched Vulnerability : CVE-2024-10307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafte...
Security Bypass Vulnerabilities in Various ABB Products
ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
ABB多款产品 安全漏洞
ABB ASPECT and others are products of ABB Switzerland.ABB ASPECT is a scalable building energy management and control solution.ABB MATRIX is an embedded building automation network controller.ABB NEXUS is a wireless and wired solution. A security vulnerability exists in several ABB products that...
ABB多款产品 安全漏洞
ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
CVE-2025-30476
Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service...
CLSA-2025-1746655592 grafana: Fix of CVE-2025-30204
CVE-2025-30204: update golang-jwt/jwt to v4.5.2 to prevent a vulnerability that could lead to excessive memory allocation when parsing untrusted JWT tokens using ParseUnverified...
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
...
Vulnerability of the Server component: Security: Privileges of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component relates to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause downtime or service failures using the MySQL network protocol...