Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

IBM database updates address critical vulnerabilities in third-party XML parser

Flaws in popular parser prompt updates from numerous downstream vendors

PortSwigger
Open in Source
#vulnerability#ubuntu#linux#cisco#red_hat#dos#oracle
CVE-2022-27135: Poc/poc_ppm at master · verf1sh/Poc

xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.

CVE-2022-29546: OutOfMemory Exception by specifically crafted processing instruction

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.

CVE-2022-29546

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.

CVE-2022-1444

heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.

CVE-2021-3722: 联想中国(Lenovo China)联想知识库

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.

CVE-2021-3721: 联想中国(Lenovo China)联想知识库

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.

CVE-2022-0636: Lenovo Thin Installer Denial of Service Vulnerability - Lenovo Support DE

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.

CVE-2021-38946: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.

CVE-2021-38946: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.