
TechMedia

Category

HIGH

385 Posts

Featured

Posted by Wpmaster
[Microsoft.NetCore.App.Runtime.win-arm] .NET Remote Code Execution Vulnerability
Posted by Wpmaster
[github.com/traefik/traefik/v2] Traefik HTTP header parsing could cause a denial of service
Posted by Wpmaster
[github.com/answerdev/answer] Answer vulnerable to Exposure of Sensitive Information Through Metadata
Posted by Wpmaster
[github.com/answerdev/answer] Answer vulnerable to Insertion of Sensitive Information Into Sent Data

[pillow] Pillow subject to DoS via SAMPLESPERPIXEL tag

  • Posted in HIGH
  • Posted by Wpmaster
  • 11/14/2022 11/23/2022

Pillow starting with 9.2.0 and prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL. A large value in the SAMPLESPERPIXEL tag could lead to a memory and runtime DOS in TiffImagePlugin.py when setting up the context for image decoding. This issue…

[pillow] Pillow vulnerable to Data Amplification attack.

  • Posted in HIGH
  • Posted by Wpmaster
  • 11/14/2022 11/23/2022

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
References

https://nvd.nist.gov/vuln/detail/CVE-2022-45198
https://github.com/python-pillow/Pillow/pull/6402
https://bugs.gentoo.org/855683
https://cwe….

[wasmtime] Wasmtime may have data leakage between instances in the pooling allocator

  • Posted in HIGH
  • Posted by Wpmaster
  • 11/11/2022 11/18/2022

Impact
There is a bug in Wasmtime’s implementation of its pooling instance allocator where, when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can erroneously be visible to the next instance. The poolin…

[ckb] ckb type_id script resume may randomly fail

  • Posted in HIGH
  • Posted by Wpmaster
  • 11/03/2022 11/03/2022

Impact
https://github.com/nervosnetwork/ckb/blob/v0.101.2/script/src/verify.rs#L871-L879
TypeIdSystemScript resume handling is not correct when max_cycles is not enough: ScriptError::ExceededMaximumCycles will be raised directly rather than suspend as e…

[openssl-src] X.509 Email Address Variable Length Buffer Overflow

  • Posted in HIGH
  • Posted by Wpmaster
  • 11/02/2022 11/05/2022

A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed a malicious certificate or for a…

[org.apache.tomcat:tomcat] Apache Tomcat may reject request containing invalid Content-Length header

  • Posted in HIGH
  • Posted by Wpmaster
  • 11/01/2022 12/21/2022

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request conta…

[conduit-hyper] conduit-hyper vulnerable to Denial of Service from unchecked request length

  • Posted in HIGH
  • Posted by Wpmaster
  • 11/01/2022 11/03/2022

Prior to version 0.4.2, conduit-hyper did not check any limit on a request’s length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocati…

[ansible] amazon.aws.ec2_instance leaks passwords into logs when tower_callback.windows is set

  • Posted in HIGH
  • Posted by Wpmaster
  • 10/29/2022 01/25/2023

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, l…

[org.jenkins-ci.plugins:pipeline-input-step] CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 10/20/2022 12/17/2022

Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the input step. This ID is used for the URLs that process user interactions for the given input step (proceed or abort) and is not …

[io.jenkins.plugins:pipeline-groovy-lib] Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 10/20/2022 12/17/2022

Pipeline: Groovy Libraries Plugin and older releases of the Pipeline: Deprecated Groovy Libraries Plugin (formerly Pipeline: Shared Groovy Libraries Plugin) define the library Pipeline step, which allows Pipeline authors to dynamically load Pipeline li…
