Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2021-26252: 1967009 – (CVE-2021-26252) CVE-2021-26252 htmldoc: heap-buffer-overflow in pspdf_prepare_page()

A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

CVE
Open in Source
#red_hat#dos
CVE-2021-3607: unchecked malloc size due to integer overflow in init_dev_ring()

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2022-0546: ⚓ T94572 Out-of-bounds memory access due to malformed HDR image file

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

CVE-2021-38995: Security Bulletin: Vulnerabilities in the AIX kernel (CVE-2021-38994, CVE-2021-38995)

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073.

CVE-2022-25638: wolfSSL Security Vulnerabilities | wolfSSL Embedded SSL/TLS Library

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.

CVE-2022-24614: A list of bugs found (33 bugs in total) · Issue #561 · drewnoakes/metadata-extractor

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.

CVE-2022-24615: Collection of Recent Reported Bugs for zip4j (2.9.0) · Issue #377 · srikanth-lingala/zip4j

zip4j up to 2.9.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.

CVE-2022-0695: Denial of Service in radare2

Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2021-35689: Oracle CVEs outside other Oracle public documents

A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle.

CVE-2022-22336: IBM X-Force Exchange

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.