
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The erro ...

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service via the function new Range, when untrusted user data is provided as a range. Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving 'RST_STREAM' immediately followed by the 'GOAWAY' frames from an upstr ...

An untrusted search path vulnerability exists in Node.js versions earlier than 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

In some cases Node.js does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that ...

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. It is possible to bypass Permissions and access non-authorized modules by using process.mainModule.require. This only affects us ...

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

The use of Module._load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of module.cons ...

Use After Free in GitHub repository vim/vim prior to 9.0.1840. Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. Use After Free in GitHub repository vim/vim prior to 9.0.1857. Heap-based Buffer Overflow in GitHub repository vim/ ...

Memory corruption bug on JDK 21 and 20 when AVX-512 is enabled. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compro ...



© SecPod Technologies