Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2022-0909: fix the FPE in tiffcrop (#393) (!310) · Merge requests · libtiff / libtiff · GitLab

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

CVE
Open in Source
#dos#git
CVE-2022-0907: add checks for return value of limitMalloc (#392) (!314) · Merge requests · libtiff / libtiff · GitLab

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

CVE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

CVE-2022-23934: HP PC BIOS February 2022 Security Updates for 11 Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

CVE-2022-0908: 2022/CVE-2022-0908.json · master · GitLab.org / cves

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

CVE-2020-36518: Optimize `UntypedObjectDeserializer` wrt recursion [CVE-2020-36518] · Issue #2816 · FasterXML/jackson-databind

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVE-2020-36518: Optimize `UntypedObjectDeserializer` wrt recursion · Issue #2816 · FasterXML/jackson-databind

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVE-2022-25508: Unauthenticated Public RestAPI Endpoint · Issue #291 · FreeTAKTeam/FreeTakServer

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.

CVE-2022-0280

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.

CVE-2022-0280

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.